23542300x8000000000000000247282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:49.842{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3B5D96C3EA69ED43F569B9792C0DD402,SHA256=654275578F52C14D63CD9B219377D45FE256D9EE2A6E159DD9FCEADA3F953A3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:49.842{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F35636796A59861698EC2FDECE28FB29,SHA256=458059D445FB091CB638A02321D4AFC76FD6ED343BA6CABF3C4909649D2622F5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000247280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:49.672{ED6274ED-C706-61E7-3400-000000002302}32163236C:\Windows\system32\conhost.exe{ED6274ED-0F05-61E8-420A-000000002302}6992C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:49.670{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:49.670{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:49.669{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:49.669{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:49.669{ED6274ED-C6EF-61E7-0500-000000002302}424440C:\Windows\system32\csrss.exe{ED6274ED-0F05-61E8-420A-000000002302}6992C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000247274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:49.668{ED6274ED-C704-61E7-2B00-000000002302}29883880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{ED6274ED-0F05-61E8-420A-000000002302}6992C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000247273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:49.667{ED6274ED-0F05-61E8-420A-000000002302}6992C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{ED6274ED-C6F0-61E7-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000247272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:49.641{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06A3E7262EA0DD1912561F8C1EBD6F6E,SHA256=0AA9295CE70043073AB8256CE8EC6F8A9FC8757D206FC41BCC9B6F4A248E0D0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178025Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:49.853{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E1191FF1359EC759718A8E7BDFF1549,SHA256=0752EC870705B05DA6C810B9BDBF752680C27EB5CBEA5DF0DD91BAB496F91D3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178027Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:50.855{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55EA2D1FE9527F1C7AA251979CA18E54,SHA256=6D098DA92B97C75EADDC683B95B56061504EC831D0D8CD748F070E7669230673,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000247292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:50.781{ED6274ED-0F06-61E8-430A-000000002302}79527516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000247291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:50.662{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A3E5D653421156CF67E3CD5A330E7A4,SHA256=9F0C81ED1473F07D1E1A125AAA6B22BFC21A28D71A19175D98015447D1F2DC6E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000247290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:50.379{ED6274ED-C706-61E7-3400-000000002302}32163236C:\Windows\system32\conhost.exe{ED6274ED-0F06-61E8-430A-000000002302}7952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:50.377{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:50.376{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:50.376{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:50.376{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:50.376{ED6274ED-C6EF-61E7-0500-000000002302}424440C:\Windows\system32\csrss.exe{ED6274ED-0F06-61E8-430A-000000002302}7952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000247284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:50.375{ED6274ED-C704-61E7-2B00-000000002302}29883880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{ED6274ED-0F06-61E8-430A-000000002302}7952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000247283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:50.374{ED6274ED-0F06-61E8-430A-000000002302}7952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{ED6274ED-C6F0-61E7-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000178026Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:47.087{F0653C0F-C6F7-61E7-5B00-000000002402}4092C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53295-false10.0.1.12-8000- 23542300x8000000000000000178029Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:51.856{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76B68ADB8D1D4DCD86E0C28DF4048B81,SHA256=63C6A8ACA3A9659CAA3A5E0E9D0C9458C03E5EE4DF16BB3640FA4E03C1BE1CBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:51.677{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8C7D165057B7F0967F991B343365E81,SHA256=DF4DE123D80012E61A9B07F62C7674B13D34474DB56EC4076256D6C6781CDBA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178028Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:51.061{F0653C0F-C6EC-61E7-2200-000000002402}1984NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0da516282bedaafcc\channels\health\respondent-20220119080814-299MD5=26E1A90A17A870013EF4C4218FE87777,SHA256=02B0674969846812EB5EACE6FE845327C5B46FC53D45D3793660008BF07077BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:51.407{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3B5D96C3EA69ED43F569B9792C0DD402,SHA256=654275578F52C14D63CD9B219377D45FE256D9EE2A6E159DD9FCEADA3F953A3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178032Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:52.908{F0653C0F-C6EC-61E7-1F00-000000002402}1924NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=8F1BAAEB63B58FFACFB56D13F23AD150,SHA256=5098868B23CBB265B3384D5FF5936A22571C5FB391599C59C9990CE16810BB53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178031Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:52.908{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90DB19F1FC0FBE0CDE15BC4BD20AB074,SHA256=6EEFD2FC27BCCC8B649E348A68C894C99AE49ED7DB1F829E3EE408036828BED2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000247312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.820{ED6274ED-C706-61E7-3400-000000002302}32163236C:\Windows\system32\conhost.exe{ED6274ED-0F08-61E8-450A-000000002302}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.820{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.820{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.820{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.820{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.820{ED6274ED-C6EF-61E7-0500-000000002302}4241156C:\Windows\system32\csrss.exe{ED6274ED-0F08-61E8-450A-000000002302}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000247306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.820{ED6274ED-C704-61E7-2B00-000000002302}29883880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{ED6274ED-0F08-61E8-450A-000000002302}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000247305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.821{ED6274ED-0F08-61E8-450A-000000002302}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{ED6274ED-C6F0-61E7-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000247304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.689{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EA107D6DF6C931EB2E992C163CBFA53,SHA256=8152AB91A935360E0775103EB3C2A049DCE4F1F667489E77A0D9C8F7FBE13E32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178030Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:52.060{F0653C0F-C6EC-61E7-2200-000000002402}1984NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0da516282bedaafcc\channels\health\surveyor-20220119080812-300MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000247303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.541{ED6274ED-0F08-61E8-440A-000000002302}60003340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.277{ED6274ED-C706-61E7-3400-000000002302}32163236C:\Windows\system32\conhost.exe{ED6274ED-0F08-61E8-440A-000000002302}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.277{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.277{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.277{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.277{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.277{ED6274ED-C6EF-61E7-0500-000000002302}4241156C:\Windows\system32\csrss.exe{ED6274ED-0F08-61E8-440A-000000002302}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000247296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.277{ED6274ED-C704-61E7-2B00-000000002302}29883880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{ED6274ED-0F08-61E8-440A-000000002302}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000247295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.278{ED6274ED-0F08-61E8-440A-000000002302}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{ED6274ED-C6F0-61E7-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000178033Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:53.939{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17B559B4CA29748867A276494CCF8BAE,SHA256=1A83DEA3F5EE51A898830220F2FE4CFF44850EB5820EE2239F629065E86D2244,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:53.697{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4D1733606EC54FB772048E02BEF9637,SHA256=EEF843F496E776135DB1B0416763CFD2B6657C156A4F273B04EDCADF74D8E86C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:53.280{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B186021B11BF584BE10AC356EC0D5066,SHA256=DB3B82BD5B305484A59C0C639305CEC4B5CD7163655CBD3E64E0FB54AD20D7C5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000247313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:53.118{ED6274ED-0F08-61E8-450A-000000002302}6687756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000178035Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:54.970{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B369DD0DF3C43D6DB2D7294EA5F2F43F,SHA256=DE3E9C0FEC7CD084AC719467346116C426C70B542E49E6B92E7ED4013A3501BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:54.713{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FD952CB9A60D5A6E95A9ADFE5A9D4BC,SHA256=5D57B6EDB94BE168D36AC89CFFE6ED2DAB9414B1EEC9C666388E36AC1101F4AE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000178034Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:52.830{F0653C0F-C6EC-61E7-1F00-000000002402}1924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53296-false10.0.1.12-8089- 10341000x8000000000000000247325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:54.682{ED6274ED-C706-61E7-3400-000000002302}32163236C:\Windows\system32\conhost.exe{ED6274ED-0F0A-61E8-460A-000000002302}6352C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:54.682{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:54.682{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:54.682{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:54.682{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:54.682{ED6274ED-C6EF-61E7-0500-000000002302}424540C:\Windows\system32\csrss.exe{ED6274ED-0F0A-61E8-460A-000000002302}6352C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000247319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:54.682{ED6274ED-C704-61E7-2B00-000000002302}29883880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{ED6274ED-0F0A-61E8-460A-000000002302}6352C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000247318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:54.684{ED6274ED-0F0A-61E8-460A-000000002302}6352C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{ED6274ED-C6F0-61E7-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000247317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:54.413{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7F95E48203D7CDF66A5052838B3EECEB,SHA256=5E021DF7D59C32026C6EA0D4CAC51A6529DA59CADEA90288F596E06EBEF9B5F6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000247316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:52.273{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64958-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000247331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:55.736{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70B4CB3498B80324D3EC85F15A3063A7,SHA256=D35843BF01D992E838B9F68D5AFD4EAB9DA420FABF2696DE0963248C0CA49F5A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000178036Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:53.002{F0653C0F-C6F7-61E7-5B00-000000002402}4092C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53297-false10.0.1.12-8000- 23542300x8000000000000000247330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:55.686{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F9AE74CA762A804E5C60746F1C5A408F,SHA256=D003095CBADD6993B81A72E307C085C8D5F8DEE0D0AC514DC600ABB32915EF40,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000247329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:53.430{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local64959-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local389ldap 354300x8000000000000000247328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:53.430{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local64959-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local389ldap 10341000x8000000000000000247327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:55.200{ED6274ED-0F0A-61E8-460A-000000002302}63522628C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000247332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:56.736{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A829FBF661DA4B696C4B5F8A2A6B3DF5,SHA256=429C8CC206E3E6497470D8250BF1F3863D641AB11A7DB6AC856FE74F17A8EE04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178037Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:56.095{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A31687A7929CC2CC1CED01F1D5F28614,SHA256=840A1EA54B3B6B5E7273687FABE51EF6A3795CF075874CFF831B0AF1EAA84FB7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000247342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:57.768{ED6274ED-C706-61E7-3400-000000002302}32163236C:\Windows\system32\conhost.exe{ED6274ED-0F0D-61E8-470A-000000002302}4732C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:57.768{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:57.768{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:57.768{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:57.768{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:57.768{ED6274ED-C6EF-61E7-0500-000000002302}424540C:\Windows\system32\csrss.exe{ED6274ED-0F0D-61E8-470A-000000002302}4732C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000247336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:57.768{ED6274ED-C704-61E7-2B00-000000002302}29883880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{ED6274ED-0F0D-61E8-470A-000000002302}4732C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000247335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:57.768{ED6274ED-0F0D-61E8-470A-000000002302}4732C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{ED6274ED-C6F0-61E7-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000247334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:57.736{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=702AE0339BBE62C1C8A17F838D6ECB96,SHA256=21B872ADBA610F0731EE1C0C104436A968206201B062791BF5D0758977016DDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178038Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:57.111{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69F1125128219E55A1D6968BC8990BD3,SHA256=ACB7944132B801AE1104AF2616B96F4B9B8D74D2815605587BD6ECDB417B1ADB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:57.021{ED6274ED-C704-61E7-2B00-000000002302}2988NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=8F1BAAEB63B58FFACFB56D13F23AD150,SHA256=5098868B23CBB265B3384D5FF5936A22571C5FB391599C59C9990CE16810BB53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:58.776{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ECBEF8C2859D137619A218DAF1B9A844,SHA256=D2BA4D067890AFB9809FFA603DD421DAD8CE6FCF619CF2536BB51033039E439B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:58.742{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=130A9DBA94B02315F55AA4CE3AD85203,SHA256=FED2986FD2CA9AC9C6F62AD003B4C39D0593EEBC10FDD5A75E408B9D44CF3B8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178039Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:58.267{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0FD651CBF670559EA9DF5906CBC6B17,SHA256=360796BB170ABBBCFE18853B4AD3A94ED0AF1945FD8B86BAE7C39173FC59896E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000247344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:57.070{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64960-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000247343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:58.005{ED6274ED-CBFD-61E7-6801-000000002302}1952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0pk4oq24.default-release\datareporting\glean\db\data.safe.binMD5=8AA58C1F5AB0FB0715CD13893DF9DDDC,SHA256=311DC7C851F315D20C918CB2A01EDAC88038D405C20AA3AF3FF79F3393D99C66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:59.750{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E15459798B10C24FA478C4A08CAA0B15,SHA256=6ED595C2AE79AF990AE44F9EBE6273A76CF4A3B6D91905E8A0578999EEB52A1D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000178041Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:58.189{F0653C0F-C6F7-61E7-5B00-000000002402}4092C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53298-false10.0.1.12-8000- 23542300x8000000000000000178040Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:15:59.298{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4F0E1E19E73435A15F513E7513D2746,SHA256=14FC878CD21BEFD47059666F51493D50B637D4B697BCB9F2A337B26970F89481,IMPHASH=00000000000000000000000000000000falsetrue 17141700x8000000000000000247348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-CreatePipe2022-01-19 13:15:59.495{ED6274ED-CBFD-61E7-6801-000000002302}1952\chrome.1952.143.55076218C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000247347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:59.495{ED6274ED-CBFD-61E7-6801-000000002302}19525400C:\Program Files\Mozilla Firefox\firefox.exe{ED6274ED-0ECE-61E8-3B0A-000000002302}5584C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2cd00|C:\Program Files\Mozilla Firefox\xul.dll+e1fc3d|C:\Program Files\Mozilla Firefox\xul.dll+e1f6c8|C:\Program Files\Mozilla Firefox\xul.dll+825252|C:\Program Files\Mozilla Firefox\xul.dll+818e51|C:\Program Files\Mozilla Firefox\xul.dll+19c4c23|C:\Program Files\Mozilla Firefox\xul.dll+16762ac|C:\Program Files\Mozilla Firefox\xul.dll+19eb83f|C:\Program Files\Mozilla Firefox\xul.dll+970baf|C:\Program Files\Mozilla Firefox\xul.dll+254ce|C:\Program Files\Mozilla Firefox\xul.dll+1910c8|C:\Program Files\Mozilla Firefox\xul.dll+18ffef|C:\Program Files\Mozilla Firefox\xul.dll+43be401|C:\Program Files\Mozilla Firefox\xul.dll+442a149|C:\Program Files\Mozilla Firefox\xul.dll+442af39|C:\Program Files\Mozilla Firefox\xul.dll+1f98893|C:\Program Files\Mozilla Firefox\firefox.exe+a18f|C:\Program Files\Mozilla Firefox\firefox.exe+1c9f8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000247351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:00.757{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE56EBA2BC74E70D0CBDA563CA2B96C8,SHA256=C3C4AB705C54E589ECA52FC2CC417FC973C147424CBBF9B0D6B216283D03A443,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178042Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:00.455{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A7DF9D98092FDC667C455B660B061B5,SHA256=FA34F3614C06006DCDA8DB8C24B8CF61B93D2294461F36AB6E96C86D54068980,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000247350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:15:58.164{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64961-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000247352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:01.760{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=569C1AEE50257E80E797C89D8535E15D,SHA256=0E623E42BC08503FF05E76A558842986F46BE8B5D31899DE279A70313BA5DB10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178043Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:01.689{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B16DD08C911DD70E131956AECC3296E,SHA256=3DE8B6F9A9B93EDE74C915A0EEB7EC498769ADFAD1B3FC270E5C19545B795426,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178044Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:02.720{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=404B3A2C5C1999130B01219BB5EE1F49,SHA256=EF210F25F963C0065B632A64FA851BD9F2372C4438E8B7D0153370BA71D49B5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:02.777{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=492A302590CA5DC486437D086C250CBE,SHA256=0EF45DEA36C22D9A417C85E1A0EB000E5D5CEA4F3CA28F1AA7C8B89A31788A0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178045Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:03.736{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=423E803EB97AD089C461240EA393C92D,SHA256=25988AFD9088315AF9CB74CEBC98ECC6B70DCF62D5E7A1B6D63A92D64F8EDB11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:03.791{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DDB956D639F6F26BD5619D611592E65,SHA256=913FF7C5D4697EB90C4337CA1D480BD52A41C833BBF2098F55DF90915091FB6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178046Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:04.752{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0CF33653E0026792528AC547DCC08BE,SHA256=5FE24D58F541BA71C97E59026DFAD18508903EF984D999EE60E8312ADC819A55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:04.809{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C93692AFEB099B362DAEC7845AF1B85,SHA256=F2A2DEEDFA04323DF49240F372053F5FEB7AD710A6F8413EA0036D79A69B5D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:05.839{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD175A544E6C22168120E9D298A261D0,SHA256=834DB339B0C8C55815132AF3564B95877E081D0E554BC575AF4029262D138FBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178047Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:05.783{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=999FFB506B99396E55DA35D615DD1A96,SHA256=3DE00CD958491107F3369B5A2F415783335706F73361FF322EC6D954E378278D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:06.854{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C5CECDC57B21CCE5C0976BCB0E2CE37,SHA256=28A253EE4B26E722AEF01AD0A75BE3FB8377576AF52E48442B56A54E12EB3378,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178049Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:06.814{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=743C2B1C5D7093ACE62A70964AB39F3F,SHA256=D05AE6EB807DA80FADC82A3B7A7C26894B236CDF24694C6D9FA45CEC07EFB414,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000247357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:04.138{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64962-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000178048Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:04.142{F0653C0F-C6F7-61E7-5B00-000000002402}4092C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53299-false10.0.1.12-8000- 23542300x8000000000000000247359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:07.884{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EEEBED6EDA5DAD694915C0CD2D4424DD,SHA256=37A96821D2F5A41ECAC2C82E9C8366FCD78DEF76D553662D6CA85F44C4010E05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178050Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:07.845{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CF9EE9258165632387F7B13B5D1D568,SHA256=6E3A2E2A4503385C37BCD935090093A15857C3307AAD4DD3BE3796EE2DFACC3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178051Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:08.892{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B77A2F7F0A442A9548D46F990CD30B71,SHA256=C85AEBD947F4229A4B655FE1BF2703BF0F858098BE3399B8A7820B6299539FB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:08.888{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD9592D5FCED6170937C7970E93D28D1,SHA256=2006D436195BE85402EEEA9D08FB396A484B0655E41C3CF8CC1E082BF343E427,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:09.903{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A8D02BC46EDFDE349E472DC665527DF,SHA256=3672DBD08D0D5F0B4EF26CD90DACF1478F394E50A1BE97EE22997313A068FEC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178052Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:09.908{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5588DDAA5D3D1086F6F843E9AE3265A,SHA256=AE2CF35FA358073E9E753D9AD8F01834850EA43514D853E90E7280D2AE159A72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:10.908{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB066AF1F5082DC1001ABEFFB7A59E51,SHA256=7263534593AA15895FD879ECB47AA5C8968525610706B259AE2ADE98C744D12F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178053Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:10.939{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C90D5FF9B3B71C0220EBC73F185473C,SHA256=A67ACCACCE115AF86410EA1713F0CDE76BA620CD2461D085EEB8B9980C51B3F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178055Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:11.939{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2268A35A41B6E76E04A0D2EBD3394D9A,SHA256=9D7C1367627CBDAB8AAEFB571BA22A5D1BAB83EEDCA153E86322823FD94B6D4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:11.917{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EA5E9E051223DDE3A20BAF37B48F38A,SHA256=32B572ECAB817F2E9A1D26A88E2A198FB57E2604CDF72D9AF1E03E22E89DFB79,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000247363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:10.137{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64963-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000178054Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:09.173{F0653C0F-C6F7-61E7-5B00-000000002402}4092C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53300-false10.0.1.12-8000- 23542300x8000000000000000178056Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:12.986{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=465AC1BC8AA66E3E016F885E55F1089C,SHA256=F40C32932A7B167788884E821609637D7432E382089ADD64C74A8644DC678985,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:12.925{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F1EEB3D0212176638C8B10A597642C2,SHA256=FF7CFB07A67828EC1159DE1D104C3198939DD5E2E11AD054214C0285270673C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:13.940{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=916C17B8F3FCA523EB02C6401D288286,SHA256=90B07B4ED7EF624BA59F8D3318AA7943B246C3D075A94A65355DDC9982B8BAAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178057Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:13.939{F0653C0F-C6EB-61E7-1100-000000002402}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=418FA5BF1DE93468CDF69F6413749207,SHA256=176F6D5065A55A2516FD34D41AD64D2D1EDBF68446F0C3FDA8C8082787746B10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:14.942{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=254EE9DFE6978927077D2981B0B5B18B,SHA256=EFF1F38F909F5B2BF3852A8E5E797281C5737F0D499915765EF60853531BC1A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178068Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:14.095{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC1362139701B13E4F2B9BE7268764AB,SHA256=51C7EF921EF80FB270697E4F4A3726868ED946E3CB2AD49CB4BF6563F6E09BD8,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000178067Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-SetValue2022-01-19 13:16:14.017{F0653C0F-C6EA-61E7-0B00-000000002402}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000178066Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-SetValue2022-01-19 13:16:14.017{F0653C0F-C6EA-61E7-0B00-000000002402}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x011a1977) 13241300x8000000000000000178065Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-SetValue2022-01-19 13:16:14.017{F0653C0F-C6EA-61E7-0B00-000000002402}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d80d2e-0x59f524ef) 13241300x8000000000000000178064Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-SetValue2022-01-19 13:16:14.017{F0653C0F-C6EA-61E7-0B00-000000002402}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d80d36-0xbbb98cef) 13241300x8000000000000000178063Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-SetValue2022-01-19 13:16:14.017{F0653C0F-C6EA-61E7-0B00-000000002402}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d80d3f-0x1d7df4ef) 13241300x8000000000000000178062Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-SetValue2022-01-19 13:16:14.017{F0653C0F-C6EA-61E7-0B00-000000002402}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000178061Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-SetValue2022-01-19 13:16:14.017{F0653C0F-C6EA-61E7-0B00-000000002402}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x011a1977) 13241300x8000000000000000178060Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-SetValue2022-01-19 13:16:14.017{F0653C0F-C6EA-61E7-0B00-000000002402}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d80d2e-0x59f524ef) 13241300x8000000000000000178059Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-SetValue2022-01-19 13:16:14.017{F0653C0F-C6EA-61E7-0B00-000000002402}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d80d36-0xbbb98cef) 13241300x8000000000000000178058Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-SetValue2022-01-19 13:16:14.017{F0653C0F-C6EA-61E7-0B00-000000002402}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d80d3f-0x1d7df4ef) 23542300x8000000000000000247368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:15.943{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43548D42061083DAE695E9D543DFEBC9,SHA256=02AE340988BDA37B395F1CFEB9D45295F9A1743DE07E45E11F10EC64D2E68C1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178069Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:15.142{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8732EF14918B9D6D8072BCBD65CB4017,SHA256=CB89506D50408606CE00EBDAD2765CB93ED1A674F33F1A71FB8652F79E4F8F6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:16.948{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5EC3141A51355820CDCB4D9B9A5A7D89,SHA256=3E56ADC398ACF09F5D3EBCDC1D68655CC686D4EC09D85DB66A28909E54C7B95F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178070Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:16.173{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E79313E073173A5A4FE77B151E19CD0,SHA256=7D26E1726795E098A82731B2D2EE5CA86B945BA8264A4FFAE7D05E2DC40B0C0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:17.953{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BAE9209749BACE87DDF8498798A3196,SHA256=9F616DC2DC87DE9B13E6022ED70793B3E3D2E1DF63CD933AD38FDAD31D49EC23,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000178072Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:15.158{F0653C0F-C6F7-61E7-5B00-000000002402}4092C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53301-false10.0.1.12-8000- 23542300x8000000000000000178071Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:17.174{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFA38E77E6041B0CD1057E251FC18571,SHA256=8CC4CEAECA57357D144A1A21940E02D900E080146A949B6EE09428B4C97FDB88,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000247370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:15.191{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64964-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000178073Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:18.174{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A17588AD89676338FB24F8F9D783863,SHA256=93EEBB5A76E2E18686B413C1281042DA3559E90C5B845469A500A0DFB6C36F65,IMPHASH=00000000000000000000000000000000falsetrue 18141800x8000000000000000247397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-ConnectPipe2022-01-19 13:16:18.673{ED6274ED-0D90-61E8-F109-000000002302}7000\mojo.7000.7832.2068201341529320804C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 17141700x8000000000000000247396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-CreatePipe2022-01-19 13:16:18.673{ED6274ED-0D90-61E8-F109-000000002302}7000\mojo.7000.7832.2068201341529320804C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 23542300x8000000000000000247395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.647{ED6274ED-C704-61E7-2A00-000000002302}2964NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00d95d34f7cb1f9c1\channels\health\respondent-20220119080839-299MD5=31AE3B99E9722C70B2B0BF5629B78D35,SHA256=018F3996AECFCFD96518A9A6A1237881C0D4A214E94965D02F176A723ABECB27,IMPHASH=00000000000000000000000000000000falsetrue 18141800x8000000000000000247394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-ConnectPipe2022-01-19 13:16:18.638{ED6274ED-0D90-61E8-F109-000000002302}7000\mojo.7000.7832.4217431782065626535C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 17141700x8000000000000000247393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-CreatePipe2022-01-19 13:16:18.622{ED6274ED-0D90-61E8-F109-000000002302}7000\mojo.7000.7832.4217431782065626535C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 10341000x8000000000000000247392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.622{ED6274ED-0D90-61E8-F109-000000002302}70007832C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0F22-61E8-480A-000000002302}7988C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+10eaefa|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+edd422|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+11cfed3|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+11cfd8b|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15dc831|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2d80a63|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2cee703|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2d7b443|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2d7b443|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2cedaac|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+27cd3de|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2cf6bd2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+1176147|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2caf72c 10341000x8000000000000000247391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.622{ED6274ED-0D90-61E8-F109-000000002302}70007832C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0F22-61E8-480A-000000002302}7988C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+10eaefa|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+edd422|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+11cfed3|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+11cfd8b|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15dc831|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2d80a63|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2cee703|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2d7b443|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2d7b443|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2cedaac|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+27cd3de|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2cf6bd2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+1176147|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2caf72c 10341000x8000000000000000247390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.622{ED6274ED-0D90-61E8-F109-000000002302}70007832C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0F22-61E8-480A-000000002302}7988C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+10eaefa|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+edd422|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+11cfed3|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+11cfd8b|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15dc831|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2d80a63|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2cee703|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2d7b443|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2d7b443|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2cedaac|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+27cd3de|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2cf6bd2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+1176147|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2caf72c 10341000x8000000000000000247389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.622{ED6274ED-0D90-61E8-F109-000000002302}70007832C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0F22-61E8-480A-000000002302}7988C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+10eaefa|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+edd422|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+11cfed3|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+11cfd8b|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15dc831|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2d80a63|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2cee703|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2d7b443|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2d7b443|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2cedaac|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+27cd3de|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2cf6bd2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+1176147|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2caf72c 10341000x8000000000000000247388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.622{ED6274ED-0D90-61E8-F109-000000002302}70007832C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0F22-61E8-480A-000000002302}7988C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+10eaefa|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+edd422|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+11cfed3|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+11cfd8b|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15dc831|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2d80a63|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2cee703|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2d7b443|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2d7b443|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2cedaac|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+27cd3de|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2cf6bd2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+1176147|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2caf72c 10341000x8000000000000000247387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.622{ED6274ED-0D91-61E8-F309-000000002302}63488032C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0F22-61E8-480A-000000002302}7988C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1f3fffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+1aaf332|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+1aaf096|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 18141800x8000000000000000247386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-ConnectPipe2022-01-19 13:16:18.622{ED6274ED-0F22-61E8-480A-000000002302}7988\crashpad_7000_NYMDCECJGBDLEUVNC:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 354300x8000000000000000247385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:16.729{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local49776-false162.159.133.233-443https 354300x8000000000000000247384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:16.726{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local63667- 18141800x8000000000000000247383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-ConnectPipe2022-01-19 13:16:18.470{ED6274ED-0D90-61E8-F109-000000002302}7000\mojo.7000.7832.141092122340619443C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 17141700x8000000000000000247382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-CreatePipe2022-01-19 13:16:18.470{ED6274ED-0D90-61E8-F109-000000002302}7000\mojo.7000.7832.141092122340619443C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 10341000x8000000000000000247381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.457{ED6274ED-C837-61E7-A600-000000002302}34043900C:\Windows\system32\csrss.exe{ED6274ED-0F22-61E8-480A-000000002302}7988C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000247380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.444{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.444{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.443{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.443{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.442{ED6274ED-0D90-61E8-F109-000000002302}70007888C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0F22-61E8-480A-000000002302}7988C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9278(wow64)|C:\Windows\System32\KERNELBASE.dll+159ded(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+1bd7233|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+17502e4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+1330bd9|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+6a5c8e|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+e0d0ab|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+b93eb9|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2caf72c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+1abbd83|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2e6dfc6|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2fa0a09|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+1f35275|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+10ed983 154100x8000000000000000247375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.442{ED6274ED-0F22-61E8-480A-000000002302}7988C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe1.0.9003DiscordDiscordDiscord Inc.Discord.exe"C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe" --type=renderer --autoplay-policy=no-user-gesture-required --field-trial-handle=1452,9271703145533476488,5066150233476241661,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\resources\app.asar" --enable-sandbox --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1 --enable-node-leakage-in-renderersC:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\ATTACKRANGE\Administrator{ED6274ED-C83A-61E7-93BB-090000000000}0x9bb932LowMD5=1C13935AEFF94D2473978482644CC599,SHA256=688709B3754C5446702062DFF138369DF87B5C21C865D40430628890B95F66DB,IMPHASH=5D7A734E608F216C0FFB097FFEF8C434{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe"C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe" --squirrel-firstrun 10341000x8000000000000000247374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.442{ED6274ED-C6F3-61E7-1100-000000002302}85596C:\Windows\System32\svchost.exe{ED6274ED-0F22-61E8-480A-000000002302}7988C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000247373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-ConnectPipe2022-01-19 13:16:18.304{ED6274ED-0D90-61E8-F109-000000002302}7000\mojo.7000.3380.10188206526320424565C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 17141700x8000000000000000247372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-CreatePipe2022-01-19 13:16:18.304{ED6274ED-0D90-61E8-F109-000000002302}7000\mojo.7000.3380.10188206526320424565C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 23542300x8000000000000000178074Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:19.189{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9789B5A3A99850EFBBE80F181BB597D,SHA256=29C58F6F190C07001EEF043A5C79B348F4B4F5FE3D682ADEAFC44259E4C02B2C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000247409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.744{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local54840-false104.16.168.131-443https 22542200x8000000000000000247408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.314{ED6274ED-0D92-61E8-F709-000000002302}7808newassets.hcaptcha.com0104.16.168.131;104.16.169.131;C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 22542200x8000000000000000247407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.213{ED6274ED-0D92-61E8-F709-000000002302}7808hcaptcha.com0104.16.168.131;104.16.169.131;C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 22542200x8000000000000000247406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:16.663{ED6274ED-0D92-61E8-F709-000000002302}7808discordapp.com0162.159.133.233;162.159.134.233;162.159.135.233;162.159.129.233;162.159.130.233;C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 23542300x8000000000000000247405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:19.640{ED6274ED-C704-61E7-2A00-000000002302}2964NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00d95d34f7cb1f9c1\channels\health\surveyor-20220119080836-300MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000247404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.618{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local50469- 354300x8000000000000000247403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.376{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local52734- 354300x8000000000000000247402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.283{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local57697-false104.16.168.131-443https 354300x8000000000000000247401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:18.274{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local52005- 23542300x8000000000000000247400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:19.461{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6D4D80498879AE201AD18F3AE4BC493C,SHA256=1877BD9E853E9EA90FBBCCE790986B3292ACD33162B92F86D43D32C42EC7CA7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:19.457{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F8AE3F7F4093BFA9C65C11594A690F32,SHA256=E79151CA7DD9D0EF99BDC55E9ED482BBCB4C862AB5013D57D863214C7C5DD303,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:19.281{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F770FBF9562AAD082904492BD094D211,SHA256=0D841C8093479EAAAEB66A7B1E3ABE90DB61FF31498B6ACD0C6CC2A65A45D8C0,IMPHASH=00000000000000000000000000000000falsetrue 534500x8000000000000000247411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:20.704{ED6274ED-0F22-61E8-480A-000000002302}7988C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 23542300x8000000000000000247410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:20.306{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4B5CABB424D0502A4677E27D6232391,SHA256=6D6633DB1B4ECDC08360731DC3A2D9ED951A1E6565A559CBF1804A7E9C364FB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178075Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:20.205{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9C45FCCAAAD9A2A2D8326E0D00550A8,SHA256=409ABA6B72ACB817B78081C786C1DDB2F58E6BFAA4412BC8E972B92348124002,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000247415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:21.925{ED6274ED-C6F2-61E7-0D00-000000002302}9004872C:\Windows\system32\svchost.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:21.925{ED6274ED-C6F2-61E7-0D00-000000002302}9004872C:\Windows\system32\svchost.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:21.925{ED6274ED-C6F2-61E7-0D00-000000002302}9004872C:\Windows\system32\svchost.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000247412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:21.310{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0BE4D021BFE6B11166C6CE38E55EF9B,SHA256=9A3B1245DC8F13C88A28746AE6AC9DC9CFAC706E34499D925E60F848D80E4E46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178076Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:21.220{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12FAD84A23EE5327C30A5F4E55795787,SHA256=0DE1C9F3B2A0717D38A750ACD59B700946C27F52F6BA1D109EC70C33900CCEF9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000178104Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.892{F0653C0F-C6ED-61E7-2B00-000000002402}28242844C:\Windows\system32\conhost.exe{F0653C0F-0F26-61E8-FE08-000000002402}1724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178103Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.892{F0653C0F-C6EA-61E7-0500-000000002402}420436C:\Windows\system32\csrss.exe{F0653C0F-0F26-61E8-FE08-000000002402}1724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000178102Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.892{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178101Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.892{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178100Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.892{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178099Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.892{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178098Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.892{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178097Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.892{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178096Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.892{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178095Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.892{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178094Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.892{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178093Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.892{F0653C0F-C6EC-61E7-1F00-000000002402}19243964C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{F0653C0F-0F26-61E8-FE08-000000002402}1724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000178092Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.893{F0653C0F-0F26-61E8-FE08-000000002402}1724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{F0653C0F-C6EB-61E7-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{F0653C0F-C6EC-61E7-1F00-000000002402}1924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000178091Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.705{F0653C0F-0F26-61E8-FD08-000000002402}14323276C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{F0653C0F-C6EC-61E7-1F00-000000002402}1924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178090Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.392{F0653C0F-C6ED-61E7-2B00-000000002402}28242844C:\Windows\system32\conhost.exe{F0653C0F-0F26-61E8-FD08-000000002402}1432C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178089Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178088Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178087Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178086Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178085Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178084Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178083Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178082Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178081Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178080Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.392{F0653C0F-C6EA-61E7-0500-000000002402}420436C:\Windows\system32\csrss.exe{F0653C0F-0F26-61E8-FD08-000000002402}1432C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000178079Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.392{F0653C0F-C6EC-61E7-1F00-000000002402}19243964C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{F0653C0F-0F26-61E8-FD08-000000002402}1432C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000178078Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.393{F0653C0F-0F26-61E8-FD08-000000002402}1432C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{F0653C0F-C6EB-61E7-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{F0653C0F-C6EC-61E7-1F00-000000002402}1924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000178077Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:22.236{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60E361E819835E039E9770A1CCD805F3,SHA256=5FE4D45EA85414A32549AAA5BDD4B0A9F212C3694AB95F7BDAED8AFBAADE39BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:22.354{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6DE7580729C7D8BDDB84D8776CF705F,SHA256=F01AD36B2DBD56601EBB7F64F55BA79899EACDCEF06830D2A3FF7A49C0EF20F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:22.053{ED6274ED-C6F3-61E7-1300-000000002302}704NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=0B465717B754F0A94FAFB91767FFF9FB,SHA256=1165F368396C6AD8F5B7A8BE135FD2C7C278F9783CBD1A06F2995BD172BBD7FF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000178121Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:21.048{F0653C0F-C6F7-61E7-5B00-000000002402}4092C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53302-false10.0.1.12-8000- 23542300x8000000000000000178120Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:23.689{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6E185D928FBCDDF760B86C1AF61A45BC,SHA256=FA3CF490ADC5E24229E70B6B65502CEE44BE9DE8D6579F7A0EC684993A50AA08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178119Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:23.689{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC0C698873887D95E9C597A3812B4581,SHA256=261B07646114B99F373E613923D2BF94DA3EA9636698A972D622D6FA74E3C094,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178118Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:23.689{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9F764DED4E9B77DA14276F38444DDA87,SHA256=AA9AAB7593FFEBE31F20F851DDBC1C9A73E6D900F99CF569AEA1E648D4FA2380,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000178117Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:23.392{F0653C0F-C6ED-61E7-2B00-000000002402}28242844C:\Windows\system32\conhost.exe{F0653C0F-0F27-61E8-FF08-000000002402}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178116Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:23.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178115Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:23.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178114Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:23.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178113Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:23.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178112Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:23.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178111Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:23.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178110Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:23.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178109Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:23.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178108Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:23.392{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178107Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:23.392{F0653C0F-C6EA-61E7-0500-000000002402}4201776C:\Windows\system32\csrss.exe{F0653C0F-0F27-61E8-FF08-000000002402}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000178106Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:23.392{F0653C0F-C6EC-61E7-1F00-000000002402}19243964C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{F0653C0F-0F27-61E8-FF08-000000002402}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000178105Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:23.393{F0653C0F-0F27-61E8-FF08-000000002402}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{F0653C0F-C6EB-61E7-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{F0653C0F-C6EC-61E7-1F00-000000002402}1924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000247463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.630{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4897EDA00B4ECB1EA1D483FDD0C78135,SHA256=D25A7928BC31AD84D96562DD4356A87184B321D0FA792A33A449F51503FE006B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000247462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:21.179{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local57698-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 13241300x8000000000000000247461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.localT1060,RunKeySetValue2022-01-19 13:16:23.397{ED6274ED-0F27-61E8-4B0A-000000002302}7896C:\Windows\SysWOW64\reg.exeHKU\S-1-5-21-1045181283-1041755688-4012098945-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DiscordC:\Users\Administrator\AppData\Local\Discord\Update.exe --processStart Discord.exe 10341000x8000000000000000247460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.376{ED6274ED-C6F3-61E7-1600-000000002302}12167244C:\Windows\system32\svchost.exe{ED6274ED-0F27-61E8-4C0A-000000002302}7012C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.376{ED6274ED-C6F3-61E7-1600-000000002302}12161260C:\Windows\system32\svchost.exe{ED6274ED-0F27-61E8-4C0A-000000002302}7012C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.371{ED6274ED-0F27-61E8-4C0A-000000002302}70127868C:\Windows\system32\conhost.exe{ED6274ED-0F27-61E8-4B0A-000000002302}7896C:\Windows\SysWOW64\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.358{ED6274ED-C837-61E7-A600-000000002302}3404372C:\Windows\system32\csrss.exe{ED6274ED-0F27-61E8-4C0A-000000002302}7012C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000247456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.355{ED6274ED-C6F3-61E7-1100-000000002302}85596C:\Windows\System32\svchost.exe{ED6274ED-0F27-61E8-4C0A-000000002302}7012C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.341{ED6274ED-C837-61E7-A600-000000002302}34043476C:\Windows\system32\csrss.exe{ED6274ED-0F27-61E8-4B0A-000000002302}7896C:\Windows\SysWOW64\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000247454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.339{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.339{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.339{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.338{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.336{ED6274ED-0D90-61E8-F109-000000002302}70003380C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0F27-61E8-4B0A-000000002302}7896C:\Windows\SysWOW64\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9278(wow64)|C:\Windows\System32\KERNELBASE.dll+d7f5c(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+1a7b17e|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+1a24434|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2882928|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2bde7f7|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2b874f2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2b874f2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2b874f2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2b874f2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2b874f2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2b874f2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2b874f2 154100x8000000000000000247449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.337{ED6274ED-0F27-61E8-4B0A-000000002302}7896C:\Windows\SysWOW64\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeC:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "C:\Users\Administrator\AppData\Local\Discord\Update.exe --processStart Discord.exe" /fC:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\ATTACKRANGE\Administrator{ED6274ED-C83A-61E7-93BB-090000000000}0x9bb932HighMD5=ECB768001DC8424E9B1FF3AC1E89C937,SHA256=CBB9F8D012CB0AF2CA87AC74ABB5C77A7743C64697C8D92104D3EBA27A699AB0,IMPHASH=7EF58A970E6E6D04FE3D5D7732CF5BAA{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe"C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe" --squirrel-firstrun 10341000x8000000000000000247448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.336{ED6274ED-C6F3-61E7-1100-000000002302}85596C:\Windows\System32\svchost.exe{ED6274ED-0F27-61E8-4B0A-000000002302}7896C:\Windows\SysWOW64\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000247447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-ConnectPipe2022-01-19 13:16:23.335{ED6274ED-0D90-61E8-F109-000000002302}7000\uv\2152EA70-7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 17141700x8000000000000000247446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-CreatePipe2022-01-19 13:16:23.335{ED6274ED-0D90-61E8-F109-000000002302}7000\uv\2152EA70-7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 18141800x8000000000000000247445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-ConnectPipe2022-01-19 13:16:23.335{ED6274ED-0D90-61E8-F109-000000002302}7000\uv\21414F30-7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 17141700x8000000000000000247444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-CreatePipe2022-01-19 13:16:23.335{ED6274ED-0D90-61E8-F109-000000002302}7000\uv\21414F30-7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 18141800x8000000000000000247443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-ConnectPipe2022-01-19 13:16:23.335{ED6274ED-0D90-61E8-F109-000000002302}7000\uv\214EDEF0-7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 17141700x8000000000000000247442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-CreatePipe2022-01-19 13:16:23.335{ED6274ED-0D90-61E8-F109-000000002302}7000\uv\214EDEF0-7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 10341000x8000000000000000247441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.317{ED6274ED-C6F3-61E7-1600-000000002302}12167244C:\Windows\system32\svchost.exe{ED6274ED-0F27-61E8-4A0A-000000002302}8048C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.317{ED6274ED-C6F3-61E7-1600-000000002302}12161260C:\Windows\system32\svchost.exe{ED6274ED-0F27-61E8-4A0A-000000002302}8048C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.310{ED6274ED-0F27-61E8-4A0A-000000002302}80487616C:\Windows\system32\conhost.exe{ED6274ED-0F27-61E8-490A-000000002302}7908C:\Windows\SysWOW64\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000247438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.305{ED6274ED-0D90-61E8-F109-000000002302}7000ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Administrator\AppData\Local\Discord\installer.db-journalMD5=C91C88772B6E504B4C1C8C56761ACBA4,SHA256=7BC4FDD857924D61A4B5B4389BE2156D3E20756AE7C064CDEF7CF8F5857FE8BA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000247437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.292{ED6274ED-C837-61E7-A600-000000002302}3404372C:\Windows\system32\csrss.exe{ED6274ED-0F27-61E8-4A0A-000000002302}8048C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000247436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.289{ED6274ED-C6F3-61E7-1100-000000002302}85596C:\Windows\System32\svchost.exe{ED6274ED-0F27-61E8-4A0A-000000002302}8048C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000247435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-ConnectPipe2022-01-19 13:16:23.288{ED6274ED-0D90-61E8-F109-000000002302}7000\mojo.7000.7832.8005310922627619329C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 17141700x8000000000000000247434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-CreatePipe2022-01-19 13:16:23.288{ED6274ED-0D90-61E8-F109-000000002302}7000\mojo.7000.7832.8005310922627619329C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 18141800x8000000000000000247433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-ConnectPipe2022-01-19 13:16:23.286{ED6274ED-0D95-61E8-000A-000000002302}7304\chrome.sync.7304.3672.3818043539C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 17141700x8000000000000000247432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-CreatePipe2022-01-19 13:16:23.286{ED6274ED-0D95-61E8-000A-000000002302}7304\chrome.sync.7304.3672.3818043539C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 10341000x8000000000000000247431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.276{ED6274ED-C837-61E7-A600-000000002302}34043476C:\Windows\system32\csrss.exe{ED6274ED-0F27-61E8-490A-000000002302}7908C:\Windows\SysWOW64\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000247430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.269{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.269{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.269{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.269{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.268{ED6274ED-0D90-61E8-F109-000000002302}70003380C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0F27-61E8-490A-000000002302}7908C:\Windows\SysWOW64\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9278(wow64)|C:\Windows\System32\KERNELBASE.dll+d7f5c(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+1a7b17e|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+1a24434|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2882928|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2bde7f7|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2b874f2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2b874f2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2b874f2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2b874f2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2b874f2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2b874f2|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+2b874f2 154100x8000000000000000247425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.267{ED6274ED-0F27-61E8-490A-000000002302}7908C:\Windows\SysWOW64\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeC:\Windows\System32\reg.exe query HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v DiscordC:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\ATTACKRANGE\Administrator{ED6274ED-C83A-61E7-93BB-090000000000}0x9bb932HighMD5=ECB768001DC8424E9B1FF3AC1E89C937,SHA256=CBB9F8D012CB0AF2CA87AC74ABB5C77A7743C64697C8D92104D3EBA27A699AB0,IMPHASH=7EF58A970E6E6D04FE3D5D7732CF5BAA{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe"C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe" --squirrel-firstrun 10341000x8000000000000000247424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.267{ED6274ED-C6F3-61E7-1100-000000002302}85596C:\Windows\System32\svchost.exe{ED6274ED-0F27-61E8-490A-000000002302}7908C:\Windows\SysWOW64\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 18141800x8000000000000000247423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-ConnectPipe2022-01-19 13:16:23.266{ED6274ED-0D90-61E8-F109-000000002302}7000\uv\21414F30-7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 17141700x8000000000000000247422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-CreatePipe2022-01-19 13:16:23.266{ED6274ED-0D90-61E8-F109-000000002302}7000\uv\21414F30-7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 18141800x8000000000000000247421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-ConnectPipe2022-01-19 13:16:23.266{ED6274ED-0D90-61E8-F109-000000002302}7000\uv\214EDEF0-7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 17141700x8000000000000000247420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-CreatePipe2022-01-19 13:16:23.266{ED6274ED-0D90-61E8-F109-000000002302}7000\uv\214EDEF0-7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 18141800x8000000000000000247419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-ConnectPipe2022-01-19 13:16:23.266{ED6274ED-0D90-61E8-F109-000000002302}7000\uv\214EBDB0-7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 17141700x8000000000000000247418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-CreatePipe2022-01-19 13:16:23.266{ED6274ED-0D90-61E8-F109-000000002302}7000\uv\214EBDB0-7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 23542300x8000000000000000178122Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:24.580{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65EE11CF94C6F448BEAD190EC16640D5,SHA256=3D172D95F57905911DB027A3B399B750261294FB1158B5FA4948286DB077DA5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.998{ED6274ED-0D90-61E8-F109-000000002302}7000ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Administrator\AppData\Local\Discord\installer.db-journalMD5=99729D28DF1AA441F1EAD2F2B8F9A71C,SHA256=CBB6EBADC5037609426A11DC4BFA32A038E729C69A668F047196C4EF9EB17664,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000247897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.localDLL2022-01-19 13:16:24.928{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_modules-1\discord_modules\2b6f62ed4f4\discord_aegis_x86.dll2022-01-19 13:16:24.926 11241100x8000000000000000247896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.localDLL2022-01-19 13:16:24.925{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_modules-1\discord_modules\2b6f62ed4f4\discord_aegis_x64.dll2022-01-19 13:16:24.925 11241100x8000000000000000247895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.localDLL2022-01-19 13:16:24.889{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_modules-1\discord_modules\2b6f62ed4f4\2\discord_game_sdk_x86.dll2022-01-19 13:16:24.888 11241100x8000000000000000247894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.localDLL2022-01-19 13:16:24.885{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_modules-1\discord_modules\2b6f62ed4f4\2\discord_game_sdk_x64.dll2022-01-19 13:16:24.885 354300x8000000000000000247893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.750{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local50697-false162.159.136.232-443https 354300x8000000000000000247892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.745{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local56618- 23542300x8000000000000000247891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.801{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6026919B75240F0272E0221C6925A84C,SHA256=E7F56606FEAD89C53F3E27029508D1E4C1A2171707481575E6C2C9CD95172BDF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000247890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.759{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0ED4-61E8-400A-000000002302}7176C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.758{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0ED1-61E8-3F0A-000000002302}6592C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.758{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0ECE-61E8-3C0A-000000002302}728C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.757{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.757{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D99-61E8-050A-000000002302}7764C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.756{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D95-61E8-000A-000000002302}7304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.756{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.756{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.755{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D91-61E8-F609-000000002302}6468C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.755{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D91-61E8-F309-000000002302}6348C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.755{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.754{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0A6B-61E8-2209-000000002302}4408C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.753{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.753{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-091A-61E8-F208-000000002302}2808C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.752{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0917-61E8-F008-000000002302}6956C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.752{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0913-61E8-EE08-000000002302}1116C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.752{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.751{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-D0AD-61E7-3902-000000002302}5804C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.750{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-D09A-61E7-3802-000000002302}6060C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.750{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CE79-61E7-E401-000000002302}3356C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.750{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CE04-61E7-CE01-000000002302}6668C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.749{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CDF7-61E7-CC01-000000002302}4536C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.748{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CD0D-61E7-A101-000000002302}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.747{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CCF8-61E7-9D01-000000002302}5204C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.746{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CC01-61E7-7001-000000002302}1432C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.746{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CC01-61E7-6D01-000000002302}3488C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.745{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CC00-61E7-6C01-000000002302}3768C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.745{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CBFF-61E7-6A01-000000002302}5432C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.744{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.744{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.743{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.742{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.741{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83B-61E7-AF00-000000002302}4284C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.740{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83B-61E7-AC00-000000002302}4160C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.740{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C838-61E7-A900-000000002302}3024C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.739{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C837-61E7-A700-000000002302}3164C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.738{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C780-61E7-8200-000000002302}3256C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.738{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C719-61E7-7400-000000002302}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.737{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.737{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C707-61E7-4200-000000002302}3520C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 23542300x8000000000000000247850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.737{ED6274ED-0D90-61E8-F109-000000002302}7000ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Administrator\AppData\Local\Discord\installer.db-journalMD5=50FE239533969FA3FAEF8510AC5B64F6,SHA256=A0876B4CBB5CACB5D321AD2E78C666DE1D7340BFAFB0E5AFF3358F14D994B36D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000247849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.736{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C707-61E7-4100-000000002302}3508C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.736{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C706-61E7-3400-000000002302}3216C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.735{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C705-61E7-3000-000000002302}1576C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.735{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2E00-000000002302}2420C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.735{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2D00-000000002302}3052C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.734{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2C00-000000002302}3016C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.734{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.732{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2A00-000000002302}2964C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.732{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2900-000000002302}2948C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.731{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.731{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.730{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2600-000000002302}2800C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.730{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.729{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2300-000000002302}2708C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.729{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6FC-61E7-2100-000000002302}2544C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.728{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F4-61E7-1F00-000000002302}2116C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.727{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1700-000000002302}1336C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.727{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1600-000000002302}1216C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.726{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1500-000000002302}1148C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.726{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1400-000000002302}1140C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.726{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1300-000000002302}704C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.725{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1200-000000002302}420C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.724{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1100-000000002302}8C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.724{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1000-000000002302}96C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.724{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-0F00-000000002302}1016C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.723{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-0E00-000000002302}996C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.722{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F2-61E7-0D00-000000002302}900C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.722{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F2-61E7-0C00-000000002302}844C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.722{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.720{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F0-61E7-0900-000000002302}580C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.711{ED6274ED-C6F0-61E7-0B00-000000002302}640768C:\Windows\system32\lsass.exe{ED6274ED-0F28-61E8-4D0A-000000002302}4212C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.704{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0ED4-61E8-400A-000000002302}7176C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.703{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0ED1-61E8-3F0A-000000002302}6592C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.703{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0ECE-61E8-3C0A-000000002302}728C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.702{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.700{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D99-61E8-050A-000000002302}7764C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.696{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D95-61E8-000A-000000002302}7304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.693{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.693{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.690{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D91-61E8-F609-000000002302}6468C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.690{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D91-61E8-F309-000000002302}6348C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.681{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.680{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0A6B-61E8-2209-000000002302}4408C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.677{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.676{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-091A-61E8-F208-000000002302}2808C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.675{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0917-61E8-F008-000000002302}6956C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.675{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0913-61E8-EE08-000000002302}1116C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.670{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.669{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-D0AD-61E7-3902-000000002302}5804C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.669{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-D09A-61E7-3802-000000002302}6060C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.668{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CE79-61E7-E401-000000002302}3356C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.664{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CE04-61E7-CE01-000000002302}6668C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.664{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CDF7-61E7-CC01-000000002302}4536C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.663{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CD0D-61E7-A101-000000002302}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.662{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CCF8-61E7-9D01-000000002302}5204C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.662{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CC01-61E7-7001-000000002302}1432C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.661{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CC01-61E7-6D01-000000002302}3488C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.661{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CC00-61E7-6C01-000000002302}3768C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.661{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CBFF-61E7-6A01-000000002302}5432C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247790Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.660{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247789Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.659{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247788Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.659{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247787Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.658{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247786Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.658{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83B-61E7-AF00-000000002302}4284C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247785Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.656{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83B-61E7-AC00-000000002302}4160C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247784Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.655{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C838-61E7-A900-000000002302}3024C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247783Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.654{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C837-61E7-A700-000000002302}3164C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 23542300x8000000000000000247782Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.654{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4440126066899E7E4F4041B490E55FBC,SHA256=D7078C14E1B9C2B282A8ECE6FF0EB24CBC98F4031F1BE7A8F45CDA0F9FE390E9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000247781Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.653{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C780-61E7-8200-000000002302}3256C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247780Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.652{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C719-61E7-7400-000000002302}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247779Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.652{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247778Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.651{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C707-61E7-4200-000000002302}3520C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247777Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.650{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C707-61E7-4100-000000002302}3508C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 23542300x8000000000000000247776Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.649{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=930D94B7514D7C9E86C017EAE0546400,SHA256=3FB714312FC783CE7D06D7AD46FBE48BF1462A6C8D3E98BB37D5A263E39F4ECC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000247775Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.649{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C706-61E7-3400-000000002302}3216C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247774Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.648{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C705-61E7-3000-000000002302}1576C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247773Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.648{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2E00-000000002302}2420C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 23542300x8000000000000000247772Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.648{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6D4D80498879AE201AD18F3AE4BC493C,SHA256=1877BD9E853E9EA90FBBCCE790986B3292ACD33162B92F86D43D32C42EC7CA7F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000247771Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.647{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2D00-000000002302}3052C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247770Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.647{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2C00-000000002302}3016C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247769Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.646{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247768Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.645{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2A00-000000002302}2964C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247767Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.644{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2900-000000002302}2948C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247766Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.643{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247765Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.643{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247764Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.642{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2600-000000002302}2800C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247763Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.642{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247762Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.641{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2300-000000002302}2708C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247761Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.640{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6FC-61E7-2100-000000002302}2544C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247760Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.640{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F4-61E7-1F00-000000002302}2116C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247759Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.639{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1700-000000002302}1336C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247758Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.638{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1600-000000002302}1216C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247757Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.638{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1500-000000002302}1148C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247756Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.638{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1400-000000002302}1140C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247755Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.637{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1300-000000002302}704C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247754Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.637{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1200-000000002302}420C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247753Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.636{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1100-000000002302}8C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247752Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.636{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1000-000000002302}96C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247751Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.635{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-0F00-000000002302}1016C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247750Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.635{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-0E00-000000002302}996C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247749Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.634{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F2-61E7-0D00-000000002302}900C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247748Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.634{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F2-61E7-0C00-000000002302}844C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247747Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.633{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247746Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.632{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F0-61E7-0900-000000002302}580C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247745Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.612{ED6274ED-C6F0-61E7-0B00-000000002302}640768C:\Windows\system32\lsass.exe{ED6274ED-0F28-61E8-4D0A-000000002302}4212C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247744Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.606{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0ED4-61E8-400A-000000002302}7176C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247743Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.605{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0ED1-61E8-3F0A-000000002302}6592C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247742Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.605{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0ECE-61E8-3C0A-000000002302}728C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247741Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.605{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247740Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.604{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D99-61E8-050A-000000002302}7764C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247739Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.604{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D95-61E8-000A-000000002302}7304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247738Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.603{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247737Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.603{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247736Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.602{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D91-61E8-F609-000000002302}6468C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247735Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.602{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D91-61E8-F309-000000002302}6348C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 354300x8000000000000000247734Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.285{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local56406-false162.159.130.234-443https 354300x8000000000000000247733Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.280{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local65286- 354300x8000000000000000247732Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.264{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local57699-false162.159.128.232-443https 10341000x8000000000000000247731Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.601{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247730Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.601{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0A6B-61E8-2209-000000002302}4408C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247729Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.600{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247728Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.600{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-091A-61E8-F208-000000002302}2808C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247727Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.599{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0917-61E8-F008-000000002302}6956C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247726Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.599{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0913-61E8-EE08-000000002302}1116C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247725Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.598{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247724Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.598{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-D0AD-61E7-3902-000000002302}5804C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247723Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.598{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-D09A-61E7-3802-000000002302}6060C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247722Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.597{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CE79-61E7-E401-000000002302}3356C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247721Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.597{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CE04-61E7-CE01-000000002302}6668C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247720Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.596{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CDF7-61E7-CC01-000000002302}4536C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247719Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.591{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CD0D-61E7-A101-000000002302}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247718Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.586{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CCF8-61E7-9D01-000000002302}5204C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247717Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.583{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CC01-61E7-7001-000000002302}1432C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247716Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.583{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CC01-61E7-6D01-000000002302}3488C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247715Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.582{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CC00-61E7-6C01-000000002302}3768C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247714Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.573{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CBFF-61E7-6A01-000000002302}5432C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247713Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.573{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247712Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.572{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247711Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.563{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247710Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.562{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247709Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.562{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83B-61E7-AF00-000000002302}4284C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247708Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.560{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83B-61E7-AC00-000000002302}4160C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247707Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.560{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C838-61E7-A900-000000002302}3024C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247706Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.560{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C837-61E7-A700-000000002302}3164C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247705Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.559{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C780-61E7-8200-000000002302}3256C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247704Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.558{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C719-61E7-7400-000000002302}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247703Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.558{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247702Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.557{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C707-61E7-4200-000000002302}3520C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247701Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.557{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C707-61E7-4100-000000002302}3508C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247700Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.557{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C706-61E7-3400-000000002302}3216C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247699Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.556{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C705-61E7-3000-000000002302}1576C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247698Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.556{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2E00-000000002302}2420C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247697Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.555{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2D00-000000002302}3052C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247696Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.555{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2C00-000000002302}3016C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247695Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.555{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247694Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.553{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2A00-000000002302}2964C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247693Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.553{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2900-000000002302}2948C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247692Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.553{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247691Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.552{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247690Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.551{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2600-000000002302}2800C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247689Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.550{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247688Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.549{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2300-000000002302}2708C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247687Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.549{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6FC-61E7-2100-000000002302}2544C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247686Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.548{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F4-61E7-1F00-000000002302}2116C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247685Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.547{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1700-000000002302}1336C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247684Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.547{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1600-000000002302}1216C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247683Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.547{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1500-000000002302}1148C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247682Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.546{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1400-000000002302}1140C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247681Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.546{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1300-000000002302}704C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247680Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.545{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1200-000000002302}420C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247679Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.545{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1100-000000002302}8C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247678Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.545{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1000-000000002302}96C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247677Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.544{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-0F00-000000002302}1016C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247676Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.544{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-0E00-000000002302}996C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247675Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.543{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F2-61E7-0D00-000000002302}900C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247674Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.542{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F2-61E7-0C00-000000002302}844C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247673Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.542{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247672Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.541{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F0-61E7-0900-000000002302}580C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247671Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.517{ED6274ED-C6F0-61E7-0B00-000000002302}640768C:\Windows\system32\lsass.exe{ED6274ED-0F28-61E8-4D0A-000000002302}4212C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247670Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.491{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0ED4-61E8-400A-000000002302}7176C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247669Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.491{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0ED1-61E8-3F0A-000000002302}6592C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247668Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.491{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0ECE-61E8-3C0A-000000002302}728C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247667Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.490{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247666Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.490{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D99-61E8-050A-000000002302}7764C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247665Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.489{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D95-61E8-000A-000000002302}7304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247664Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.489{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247663Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.488{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247662Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.480{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D91-61E8-F609-000000002302}6468C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247661Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.479{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D91-61E8-F309-000000002302}6348C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247660Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.479{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247659Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.478{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0A6B-61E8-2209-000000002302}4408C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247658Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.477{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247657Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.477{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-091A-61E8-F208-000000002302}2808C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247656Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.476{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0917-61E8-F008-000000002302}6956C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247655Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.470{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-0913-61E8-EE08-000000002302}1116C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247654Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.464{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247653Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.463{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-D0AD-61E7-3902-000000002302}5804C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247652Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.463{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-D09A-61E7-3802-000000002302}6060C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247651Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.462{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CE79-61E7-E401-000000002302}3356C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247650Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.462{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CE04-61E7-CE01-000000002302}6668C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247649Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.461{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CDF7-61E7-CC01-000000002302}4536C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247648Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.460{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CD0D-61E7-A101-000000002302}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247647Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.459{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CCF8-61E7-9D01-000000002302}5204C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247646Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.458{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CC01-61E7-7001-000000002302}1432C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247645Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.454{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CC01-61E7-6D01-000000002302}3488C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247644Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.453{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CC00-61E7-6C01-000000002302}3768C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247643Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.452{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CBFF-61E7-6A01-000000002302}5432C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247642Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.451{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247641Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.450{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247640Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.450{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247639Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.449{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247638Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.448{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83B-61E7-AF00-000000002302}4284C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247637Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.447{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C83B-61E7-AC00-000000002302}4160C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247636Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.447{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C838-61E7-A900-000000002302}3024C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247635Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.445{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C837-61E7-A700-000000002302}3164C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247634Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.444{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C780-61E7-8200-000000002302}3256C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247633Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.443{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C719-61E7-7400-000000002302}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247632Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.443{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247631Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.442{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C707-61E7-4200-000000002302}3520C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247630Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.442{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C707-61E7-4100-000000002302}3508C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247629Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.442{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C706-61E7-3400-000000002302}3216C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247628Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.441{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C705-61E7-3000-000000002302}1576C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247627Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.441{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2E00-000000002302}2420C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247626Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.440{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2D00-000000002302}3052C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247625Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.440{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2C00-000000002302}3016C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247624Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.440{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247623Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.438{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2A00-000000002302}2964C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247622Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.438{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2900-000000002302}2948C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247621Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.437{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247620Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.437{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247619Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.436{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2600-000000002302}2800C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247618Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.436{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247617Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.436{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C704-61E7-2300-000000002302}2708C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247616Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.435{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6FC-61E7-2100-000000002302}2544C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247615Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.435{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F4-61E7-1F00-000000002302}2116C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247614Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.434{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1700-000000002302}1336C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247613Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.433{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1600-000000002302}1216C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247612Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.433{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1500-000000002302}1148C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247611Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.433{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1400-000000002302}1140C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247610Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.430{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1300-000000002302}704C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247609Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.429{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1200-000000002302}420C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247608Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.426{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1100-000000002302}8C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247607Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.426{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-1000-000000002302}96C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247606Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.423{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-0F00-000000002302}1016C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247605Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.423{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F3-61E7-0E00-000000002302}996C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247604Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.423{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F2-61E7-0D00-000000002302}900C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247603Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.422{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F2-61E7-0C00-000000002302}844C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247602Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.413{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247601Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.410{ED6274ED-0F28-61E8-4D0A-000000002302}42127548C:\Windows\system32\wbem\wmiprvse.exe{ED6274ED-C6F0-61E7-0900-000000002302}580C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\combase.dll+12d0|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x8000000000000000247600Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.362{ED6274ED-C6F0-61E7-0B00-000000002302}640768C:\Windows\system32\lsass.exe{ED6274ED-0F28-61E8-4D0A-000000002302}4212C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247599Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.362{ED6274ED-C6F0-61E7-0B00-000000002302}640768C:\Windows\system32\lsass.exe{ED6274ED-0F28-61E8-4D0A-000000002302}4212C:\Windows\system32\wbem\wmiprvse.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26327|C:\Windows\system32\lsasrv.dll+2746d|C:\Windows\system32\lsasrv.dll+261a5|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.361{ED6274ED-C6F0-61E7-0B00-000000002302}640768C:\Windows\system32\lsass.exe{ED6274ED-0F28-61E8-4D0A-000000002302}4212C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\system32\lsasrv.dll+260ed|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000247597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.219{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local55221- 10341000x8000000000000000247596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.283{ED6274ED-C6F3-61E7-1600-000000002302}12167836C:\Windows\system32\svchost.exe{ED6274ED-0F28-61E8-4D0A-000000002302}4212C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+43f7|C:\Windows\system32\wbem\wmiprvsd.dll+15538|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wbemcore.dll+b920|C:\Windows\system32\wbem\wbemcore.dll+255ff|C:\Windows\system32\wbem\wbemcore.dll+24a9a|C:\Windows\system32\wbem\wbemcore.dll+2485e|C:\Windows\system32\wbem\wbemcore.dll+2685b|C:\Windows\system32\wbem\wbemcore.dll+22b78|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.258{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-0F28-61E8-4D0A-000000002302}4212C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.234{ED6274ED-C6EF-61E7-0500-000000002302}424540C:\Windows\system32\csrss.exe{ED6274ED-0F28-61E8-4D0A-000000002302}4212C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000247593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.233{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-0F28-61E8-4D0A-000000002302}4212C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+366d9|c:\windows\system32\rpcss.dll+3bec2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.227{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.227{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.226{ED6274ED-C6F0-61E7-0B00-000000002302}6405532C:\Windows\system32\lsass.exe{ED6274ED-C6F3-61E7-1600-000000002302}1216C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+1b8ad|C:\Windows\system32\lsasrv.dll+2878b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.217{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED4-61E8-400A-000000002302}7176C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.217{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED1-61E8-3F0A-000000002302}6592C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.217{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ECE-61E8-3C0A-000000002302}728C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.217{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+316f1(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.217{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.217{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-050A-000000002302}7764C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+316f1(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.217{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-050A-000000002302}7764C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.217{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D95-61E8-000A-000000002302}7304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.217{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.217{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F609-000000002302}6468C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.217{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F309-000000002302}6348C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.216{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.216{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2209-000000002302}4408C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.216{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.216{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-091A-61E8-F208-000000002302}2808C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.216{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0917-61E8-F008-000000002302}6956C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.216{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0913-61E8-EE08-000000002302}1116C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.216{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+316f1(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.216{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.216{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D0AD-61E7-3902-000000002302}5804C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.216{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D09A-61E7-3802-000000002302}6060C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.216{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE79-61E7-E401-000000002302}3356C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.216{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE04-61E7-CE01-000000002302}6668C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.216{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CDF7-61E7-CC01-000000002302}4536C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.216{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CD0D-61E7-A101-000000002302}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.215{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CCF8-61E7-9D01-000000002302}5204C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.215{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-7001-000000002302}1432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.215{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-6D01-000000002302}3488C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.215{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC00-61E7-6C01-000000002302}3768C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.215{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFF-61E7-6A01-000000002302}5432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.215{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+316f1(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.215{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.215{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.215{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.214{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.214{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AF00-000000002302}4284C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.214{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AC00-000000002302}4160C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.214{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C837-61E7-A700-000000002302}3164C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.214{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C780-61E7-8200-000000002302}3256C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.214{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C719-61E7-7400-000000002302}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.214{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.214{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4200-000000002302}3520C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4100-000000002302}3508C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C706-61E7-3400-000000002302}3216C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C705-61E7-3000-000000002302}1576C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2D00-000000002302}3052C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2C00-000000002302}3016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2A00-000000002302}2964C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2900-000000002302}2948C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2600-000000002302}2800C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2300-000000002302}2708C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6FC-61E7-2100-000000002302}2544C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F4-61E7-1F00-000000002302}2116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1700-000000002302}1336C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1600-000000002302}1216C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1500-000000002302}1148C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1400-000000002302}1140C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1300-000000002302}704C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1200-000000002302}420C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1100-000000002302}8C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.213{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1000-000000002302}96C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.212{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-0E00-000000002302}996C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.212{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0D00-000000002302}900C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.212{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0C00-000000002302}844C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.212{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.212{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0A00-000000002302}632C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.212{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0900-000000002302}580C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.212{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0700-000000002302}496C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.212{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0200-000000002302}324C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.212{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0100-000000002302}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x8000000000000000247515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.212{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.212{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.212{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.211{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.211{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.211{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.211{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.211{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.211{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.211{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.211{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.211{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.211{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.211{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.210{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.210{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.210{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.210{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.210{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.210{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.210{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.210{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.210{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.209{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.209{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af 10341000x8000000000000000247490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.203{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.203{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.203{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.202{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.202{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.202{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.202{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.202{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.202{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.202{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.201{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.201{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.201{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.201{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.201{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-050A-000000002302}7764C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.201{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.200{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.200{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.200{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.200{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.200{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.200{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.200{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.199{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64) 10341000x8000000000000000247466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.199{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327a7(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+694b(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+1d6b8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+407c7(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150f91c|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+15100af|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64) 22542200x8000000000000000247465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.197{ED6274ED-0D90-61E8-F109-000000002302}7000dl.discordapp.net0::ffff:162.159.128.232;::ffff:162.159.130.232;::ffff:162.159.134.232;::ffff:162.159.133.232;::ffff:162.159.129.232;C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 22542200x8000000000000000247464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.155{ED6274ED-0D92-61E8-F709-000000002302}7808cdn.discordapp.com0162.159.134.233;162.159.133.233;162.159.129.233;162.159.130.233;162.159.135.233;C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 23542300x8000000000000000178123Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:25.611{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2909C9DEFBF435AADBDD31BEB06FD102,SHA256=C08FC93B9B1F2014F74BA4580AE5991A671CAC050727B012817D9FE274711C3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:25.819{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23051167A8C025D6766AD418C484DF39,SHA256=C942036CB84017AB6D46927C88735D935FCA70674598081DA040DDBF56D40BE1,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000247899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.217{ED6274ED-0D92-61E8-F709-000000002302}7808gateway.discord.gg0162.159.130.234;162.159.135.234;162.159.134.234;162.159.136.234;162.159.133.234;C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 354300x8000000000000000247904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.661{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local56135- 354300x8000000000000000247903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:24.660{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local64990- 23542300x8000000000000000247902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:26.835{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB9D3E6B5CDE4C1F0D8BEF3990ECFC67,SHA256=DE9D0C591D645C4D822A6331DA2C81B7B60709D6A8B73181FD72A90E2B8ED68C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000178138Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:26.908{F0653C0F-0F2A-61E8-0009-000000002402}40003724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{F0653C0F-C6EC-61E7-1F00-000000002402}1924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178137Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:26.642{F0653C0F-C6ED-61E7-2B00-000000002402}28242844C:\Windows\system32\conhost.exe{F0653C0F-0F2A-61E8-0009-000000002402}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178136Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:26.642{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178135Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:26.642{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178134Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:26.642{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178133Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:26.642{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178132Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:26.642{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178131Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:26.642{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178130Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:26.642{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178129Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:26.642{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178128Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:26.642{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178127Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:26.642{F0653C0F-C6EA-61E7-0500-000000002402}420536C:\Windows\system32\csrss.exe{F0653C0F-0F2A-61E8-0009-000000002402}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000178126Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:26.642{F0653C0F-C6EC-61E7-1F00-000000002402}19243964C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{F0653C0F-0F2A-61E8-0009-000000002402}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000178125Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:26.643{F0653C0F-0F2A-61E8-0009-000000002402}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{F0653C0F-C6EB-61E7-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{F0653C0F-C6EC-61E7-1F00-000000002402}1924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000178124Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:26.627{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B78CD9121B278D8D36D4AD439EEDC15C,SHA256=9CBF05EFD0547524B5A70B5EE56E37671DC6BA9D4E0195D35B24959C84B2A123,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000247901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:23.684{ED6274ED-0D92-61E8-F709-000000002302}7808status.discord.com0162.159.136.232;162.159.128.233;162.159.135.232;162.159.137.232;162.159.138.232;C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 10341000x8000000000000000178168Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.955{F0653C0F-0F2B-61E8-0209-000000002402}34802952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{F0653C0F-C6EC-61E7-1F00-000000002402}1924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000178167Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.752{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6E185D928FBCDDF760B86C1AF61A45BC,SHA256=FA3CF490ADC5E24229E70B6B65502CEE44BE9DE8D6579F7A0EC684993A50AA08,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000178166Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.736{F0653C0F-C6ED-61E7-2B00-000000002402}28242844C:\Windows\system32\conhost.exe{F0653C0F-0F2B-61E8-0209-000000002402}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178165Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.736{F0653C0F-C6EA-61E7-0500-000000002402}420536C:\Windows\system32\csrss.exe{F0653C0F-0F2B-61E8-0209-000000002402}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000178164Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.736{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178163Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.736{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178162Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.736{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178161Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.736{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178160Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.736{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178159Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.736{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178158Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.736{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178157Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.736{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178156Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.736{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178155Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.736{F0653C0F-C6EC-61E7-1F00-000000002402}19243964C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{F0653C0F-0F2B-61E8-0209-000000002402}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000178154Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.739{F0653C0F-0F2B-61E8-0209-000000002402}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{F0653C0F-C6EB-61E7-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{F0653C0F-C6EC-61E7-1F00-000000002402}1924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000178153Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.736{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78DCFDB2759BA96E643529FFF2B47949,SHA256=6E96553964857C99C04FAEABA3D4BF5D8A1F171509B16FEC26BAF2458D51540D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:27.842{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05E1465671AF37A73E492F5C84B4548D,SHA256=1463033A5909D07B87C5AF11D5C4867F27476587C0AB9834A41C4E9134BE0082,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000178152Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.330{F0653C0F-0F2B-61E8-0109-000000002402}21161680C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{F0653C0F-C6EC-61E7-1F00-000000002402}1924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178151Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.142{F0653C0F-C6ED-61E7-2B00-000000002402}28242844C:\Windows\system32\conhost.exe{F0653C0F-0F2B-61E8-0109-000000002402}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178150Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.142{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178149Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.142{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178148Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.142{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178147Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.142{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178146Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.142{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178145Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.142{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178144Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.142{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178143Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.142{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178142Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.142{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178141Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.142{F0653C0F-C6EA-61E7-0500-000000002402}4201776C:\Windows\system32\csrss.exe{F0653C0F-0F2B-61E8-0109-000000002402}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000178140Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.142{F0653C0F-C6EC-61E7-1F00-000000002402}19243964C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{F0653C0F-0F2B-61E8-0109-000000002402}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000178139Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:27.143{F0653C0F-0F2B-61E8-0109-000000002402}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{F0653C0F-C6EB-61E7-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{F0653C0F-C6EC-61E7-1F00-000000002402}1924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000178170Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:28.955{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51FA72C7BC1B6CFCB5E9B9298750EAEF,SHA256=9D67A82035432B386A70B90AB31DEF91A86894821608BC51B7083BB7FF152BDF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000178169Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:26.970{F0653C0F-C6F7-61E7-5B00-000000002402}4092C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53303-false10.0.1.12-8000- 354300x8000000000000000247909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:27.149{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local50698-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000247908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:28.848{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B834CA2EA342DD87387B93D2237DE3A9,SHA256=E15E4814CBBD15564B5E7FDC3F08DBF7DB1BB95B872740C5D9CDD9CA95FE1A8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000247907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:28.226{ED6274ED-0D92-61E8-F709-000000002302}7808ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Administrator\AppData\Roaming\discord\TransportSecurity~RF11a49af.TMPMD5=E1380D00EDF440F6378CA7081246A58F,SHA256=EF8B138E7AA06DFD71E00214A2260A8A7894AFF486F78C3232DAA2D3FF3AA5AC,IMPHASH=00000000000000000000000000000000falsetrue 254200x8000000000000000247906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.localT10992022-01-19 13:16:28.215{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Administrator\AppData\Roaming\discord\a2e4c7ae-52b2-4f71-8d56-2a039966a154.tmp2022-01-19 13:09:50.0402022-01-19 13:16:28.198 23542300x8000000000000000178184Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:29.955{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FEE129B3E1F0D8DC8E98BB46C7073905,SHA256=9FAFC9F5B52E8022822F91579BF1A81DC420EABD405344147CCFE25D8929502B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248023Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.919{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=181C734B467D4FA74A7A0590FE094910,SHA256=DB5F5806A5689DB9D5E624E2270408D138569F6904DDC0CA1019503EEF99EE23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248022Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.903{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7895DF0E2E3849FF79A35377E526881E,SHA256=1141AE676EE73AF89A72BD899B6C800BD84140E2A1BF288F204453674DF3DF04,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000178183Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:29.002{F0653C0F-C6ED-61E7-2B00-000000002402}28242844C:\Windows\system32\conhost.exe{F0653C0F-0F2D-61E8-0309-000000002402}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178182Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:29.002{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178181Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:29.002{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178180Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:29.002{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178179Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:29.002{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178178Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:29.002{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178177Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:29.002{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178176Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:29.002{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178175Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:29.002{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178174Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:29.002{F0653C0F-C6EB-61E7-0C00-000000002402}7323524C:\Windows\system32\svchost.exe{F0653C0F-C6EC-61E7-2000-000000002402}1940C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178173Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:29.002{F0653C0F-C6EA-61E7-0500-000000002402}420536C:\Windows\system32\csrss.exe{F0653C0F-0F2D-61E8-0309-000000002402}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000178172Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:29.002{F0653C0F-C6EC-61E7-1F00-000000002402}19243964C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{F0653C0F-0F2D-61E8-0309-000000002402}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000178171Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:29.002{F0653C0F-0F2D-61E8-0309-000000002402}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{F0653C0F-C6EB-61E7-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{F0653C0F-C6EC-61E7-1F00-000000002402}1924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000248021Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED4-61E8-400A-000000002302}7176C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248020Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED1-61E8-3F0A-000000002302}6592C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248019Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ECE-61E8-3C0A-000000002302}728C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248018Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D95-61E8-000A-000000002302}7304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248017Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248016Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F609-000000002302}6468C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248015Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F309-000000002302}6348C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248014Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2209-000000002302}4408C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248013Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-091A-61E8-F208-000000002302}2808C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248012Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0917-61E8-F008-000000002302}6956C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0913-61E8-EE08-000000002302}1116C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D0AD-61E7-3902-000000002302}5804C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248009Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D09A-61E7-3802-000000002302}6060C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE79-61E7-E401-000000002302}3356C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE04-61E7-CE01-000000002302}6668C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CDF7-61E7-CC01-000000002302}4536C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CD0D-61E7-A101-000000002302}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CCF8-61E7-9D01-000000002302}5204C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.786{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-7001-000000002302}1432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.786{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-6D01-000000002302}3488C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.786{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC00-61E7-6C01-000000002302}3768C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.786{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFF-61E7-6A01-000000002302}5432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.786{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AF00-000000002302}4284C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.786{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AC00-000000002302}4160C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C837-61E7-A700-000000002302}3164C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C780-61E7-8200-000000002302}3256C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C719-61E7-7400-000000002302}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4200-000000002302}3520C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4100-000000002302}3508C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C706-61E7-3400-000000002302}3216C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C705-61E7-3000-000000002302}1576C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2D00-000000002302}3052C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2C00-000000002302}3016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2A00-000000002302}2964C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2900-000000002302}2948C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2600-000000002302}2800C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2300-000000002302}2708C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6FC-61E7-2100-000000002302}2544C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F4-61E7-1F00-000000002302}2116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1700-000000002302}1336C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1600-000000002302}1216C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1500-000000002302}1148C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1400-000000002302}1140C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1300-000000002302}704C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1200-000000002302}420C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1100-000000002302}8C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1000-000000002302}96C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-0E00-000000002302}996C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0D00-000000002302}900C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0C00-000000002302}844C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0A00-000000002302}632C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0900-000000002302}580C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0700-000000002302}496C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0200-000000002302}324C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0100-000000002302}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 23542300x8000000000000000247949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.780{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81475D629793FFD31F740D78EEB53EE2,SHA256=7383B486F50B536AD8B5E725109E6A1EAC207FAFBFB8583106BFF8292115BB42,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000247948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000247934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.765{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.765{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.764{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.764{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.764{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-050A-000000002302}7764C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000247910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:29.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327a7(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x8000000000000000178186Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:30.970{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17A8156DE15A6FE2CA4683695962B67D,SHA256=203CAB5B4C6980510B98DB164B0CE89DDF2F984AC40E845C572C558327C8C2EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248024Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:30.915{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CD5D4FFAE95B5C21DBF897EF9E1E306,SHA256=EB1E0DDA484F5329970B45F56603758C9D9479FD185B7E407F6CF53FF637ABC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178185Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:30.111{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=833E32F437F3BCDB00DDC9CE10FA2429,SHA256=00ECBA8731207B5D34952728070AF1096D4C60DC53B645BAEF35E66978F24388,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178187Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:31.986{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=893F2303BC9F6456BFFE604D36124CAD,SHA256=C7E1E5AB7C8A0D3935842EB910289DD5926E2BAFF8648A911F0024096E5F9BDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248025Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:31.920{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CAB0E42D1FD05EAF8C5B605BAA7E286,SHA256=C9A1AF186846F28A106B7C86014FBCCC10E9858B4755337F0CF9B544DA751B5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248026Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:32.930{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0E15886576E99AD6924E129DCAA2BDB,SHA256=8390ED960DD6D0288C3C8F5B404BFB70975151512B31E0AE5ABDEE86746A8704,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248027Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:33.937{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BD431BB5EA88C2632118641FF2E4572,SHA256=43E41CF3E6C2E8622A3D193948C247C6B2C29ADAA35ABE14FE17F5495C667739,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178188Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:33.034{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39802B024B5836E57ECD36269C3FCB76,SHA256=7DB0BC6D128E1B8F596F7399D5C9D53E711CC75163B596651FA90B9D14F03A89,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000178190Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:32.971{F0653C0F-C6F7-61E7-5B00-000000002402}4092C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53304-false10.0.1.12-8000- 23542300x8000000000000000178189Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:34.064{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB1AD127CA600150104D405A0B72AE20,SHA256=5A8D44B0CDA49F805357FD84670E9453C59B0B90984A8721361C1B244C3F801B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000248140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:33.138{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local50699-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000248139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED4-61E8-400A-000000002302}7176C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED1-61E8-3F0A-000000002302}6592C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ECE-61E8-3C0A-000000002302}728C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D95-61E8-000A-000000002302}7304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F609-000000002302}6468C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F309-000000002302}6348C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2209-000000002302}4408C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-091A-61E8-F208-000000002302}2808C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0917-61E8-F008-000000002302}6956C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0913-61E8-EE08-000000002302}1116C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D0AD-61E7-3902-000000002302}5804C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D09A-61E7-3802-000000002302}6060C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE79-61E7-E401-000000002302}3356C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE04-61E7-CE01-000000002302}6668C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CDF7-61E7-CC01-000000002302}4536C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CD0D-61E7-A101-000000002302}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CCF8-61E7-9D01-000000002302}5204C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-7001-000000002302}1432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-6D01-000000002302}3488C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC00-61E7-6C01-000000002302}3768C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFF-61E7-6A01-000000002302}5432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AF00-000000002302}4284C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AC00-000000002302}4160C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C837-61E7-A700-000000002302}3164C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C780-61E7-8200-000000002302}3256C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C719-61E7-7400-000000002302}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4200-000000002302}3520C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4100-000000002302}3508C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C706-61E7-3400-000000002302}3216C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C705-61E7-3000-000000002302}1576C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.802{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2D00-000000002302}3052C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.802{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2C00-000000002302}3016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.802{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.802{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2A00-000000002302}2964C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.802{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2900-000000002302}2948C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.802{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.802{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.802{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2600-000000002302}2800C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.802{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.802{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2300-000000002302}2708C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6FC-61E7-2100-000000002302}2544C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F4-61E7-1F00-000000002302}2116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1700-000000002302}1336C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1600-000000002302}1216C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1500-000000002302}1148C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1400-000000002302}1140C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1300-000000002302}704C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1200-000000002302}420C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1100-000000002302}8C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1000-000000002302}96C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-0E00-000000002302}996C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0D00-000000002302}900C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0C00-000000002302}844C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.800{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.797{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0A00-000000002302}632C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.796{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0900-000000002302}580C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.796{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0700-000000002302}496C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.796{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0200-000000002302}324C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.796{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0100-000000002302}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.796{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.795{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.795{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.795{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.795{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.794{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.794{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.794{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.794{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.793{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.792{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.792{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.792{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.792{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.792{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.792{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.791{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.791{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.791{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.791{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.790{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 23542300x8000000000000000248053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.778{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=416B4FE798A27FB6F22FD9C8080EC4A2,SHA256=B456C014A4AE6325AC471A3E316A850E8F4DD152B0CF00BBB58A938C3F5944D5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000248052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.767{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.765{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.764{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.764{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-050A-000000002302}7764C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248033Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.759{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248032Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.759{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248031Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.759{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248030Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.759{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248029Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.759{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248028Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:34.759{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327a7(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x8000000000000000178191Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:35.267{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9CF025031CC21EFC56084B60D89D149,SHA256=18984FA980BF37F173DC32C550D351211E9AC4C24E1945E760D16C9389A97FCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:35.057{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DE3A31535B92699F9BD136D465391AF,SHA256=79FA01F749F4DC21D54258F1547A82379F08E13E35677C1FB16A429BF40B84B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:35.042{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB5122F9A25C8777BA8AC444153A65E9,SHA256=2098C17E54CBE5FF43D287DA7978F54925C3968ECD9A52C5750CF01F87AF9360,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178192Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:36.298{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E1558F9906F989E2DA8709CBCE77988,SHA256=573C7743CAFA21C5B54E5832F433E6923D74341B91EED50CDDEFC24D5159BDBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:36.047{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3462A9695674DCEAF8EBED3AD0B40A1,SHA256=561DDF94BCA93D42492D39B370143BDE3FAF583C926DCF017C1BAF4DC53C0BEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178193Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:37.330{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=292AD9BD96535F141E9A5B7972FB1CAB,SHA256=AE485E8043C6628A3E3BDF7BD9154E3721D43A794DD46C0CA53D4F8B5C4EA6AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:37.051{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C308A280C3C8EB21CDDF22481CF610A2,SHA256=BAA4C01F1E048FF433514E035A05582E6E5B560DDDAB4A3C57D0758F71D46F48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178194Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:38.423{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF4E53E5784675944B9E5BADE2BDB862,SHA256=31BF5B68413396C80D4BDFAE12020340820680CDD4C1D4C29A1A1E8573F3EA6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:38.065{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3948D62A7A89C75A8410112346EC524B,SHA256=D9F9939CE1F4FA13C9DA5C9A88F406481A2C4C72C9DE06ACE8A7BEB1D10B767A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178195Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:39.439{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A622E344B3E7A97853BE28066A684C21,SHA256=7846C787A26CA55EC46EB22B0C8B0F2DA3ACAF71C03B90BF155D025D59582612,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000248258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.789{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED4-61E8-400A-000000002302}7176C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.789{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED1-61E8-3F0A-000000002302}6592C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.789{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ECE-61E8-3C0A-000000002302}728C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.789{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D95-61E8-000A-000000002302}7304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F609-000000002302}6468C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F309-000000002302}6348C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2209-000000002302}4408C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-091A-61E8-F208-000000002302}2808C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0917-61E8-F008-000000002302}6956C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0913-61E8-EE08-000000002302}1116C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D0AD-61E7-3902-000000002302}5804C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D09A-61E7-3802-000000002302}6060C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE79-61E7-E401-000000002302}3356C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE04-61E7-CE01-000000002302}6668C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CDF7-61E7-CC01-000000002302}4536C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CD0D-61E7-A101-000000002302}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CCF8-61E7-9D01-000000002302}5204C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-7001-000000002302}1432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-6D01-000000002302}3488C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC00-61E7-6C01-000000002302}3768C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFF-61E7-6A01-000000002302}5432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AF00-000000002302}4284C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AC00-000000002302}4160C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C837-61E7-A700-000000002302}3164C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C780-61E7-8200-000000002302}3256C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C719-61E7-7400-000000002302}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4200-000000002302}3520C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4100-000000002302}3508C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C706-61E7-3400-000000002302}3216C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C705-61E7-3000-000000002302}1576C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2D00-000000002302}3052C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2C00-000000002302}3016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2A00-000000002302}2964C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2900-000000002302}2948C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2600-000000002302}2800C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2300-000000002302}2708C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6FC-61E7-2100-000000002302}2544C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F4-61E7-1F00-000000002302}2116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1700-000000002302}1336C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1600-000000002302}1216C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1500-000000002302}1148C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1400-000000002302}1140C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1300-000000002302}704C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1200-000000002302}420C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1100-000000002302}8C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1000-000000002302}96C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-0E00-000000002302}996C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0D00-000000002302}900C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0C00-000000002302}844C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0A00-000000002302}632C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0900-000000002302}580C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0700-000000002302}496C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0200-000000002302}324C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0100-000000002302}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 23542300x8000000000000000248195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.783{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=746DCA11073723DD5B121D8499B8DABD,SHA256=99F2CAF2A79EC752AFD4D9E43CF2ABF89EE427EC72E78E736C4A9A2F6305FB0B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000248194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.766{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.766{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.766{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.766{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.765{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.765{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.765{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.765{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.765{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.765{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.765{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.765{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-050A-000000002302}7764C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.759{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327a7(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x8000000000000000248146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.070{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=514B39A9399D0CC74D9217A6B17136FD,SHA256=91B2235FCF768F1421C771EDD97EC0B5BD624865D9CF463B00AC61719B10D88B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178197Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:40.455{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C254AF97287D60B24B21A26B6534B32,SHA256=47DAB6642858BE626D2DFBF2BE6579DD98610246631F88AF3426B3D7965A4ED7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000248261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:39.134{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local50700-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000248260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:40.177{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC0FC58A45DA57A2D5557A0E38875F31,SHA256=A37078385DE27BED1E906E4ACE30F751BF985689DD34BB65503806A80E80C930,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:40.165{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80E11FEAA541914F8CBC70F25A584256,SHA256=0280098FC0EA692D2776C8CE98102410664D3653B9847EB3671B58EFDE18A367,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000178196Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:38.188{F0653C0F-C6F7-61E7-5B00-000000002402}4092C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53305-false10.0.1.12-8000- 23542300x8000000000000000178198Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:41.455{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CC26EBA33CCFA0DDA9083010994DF0A,SHA256=B9706984B220EF07C0AA0AC0D5D12B59CEEF4D6B6C10677B99380413230D1C94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:41.171{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62E1A1E7C909F3E6199D7AB84ABDE66E,SHA256=28D9692A0A033220B9961CC72F644317E4E87E3EA9B83B1069B56AAF8030DA2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178199Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:42.470{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A81A0668CEC984DE33A10C59B38DCEEF,SHA256=1DF00351D1F38CA2E2F1F96EDC75E586F6712309DF62D9CFA962854F443BCA23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:42.191{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A1E8B4E012BE04226CD7F5DB87530F3,SHA256=EA456532867D5F78ACAF2071F0BF4619E9652F95BACE762F904CC3070BB7F31F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178200Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:43.486{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F10B523DE32CF84845C4832E3FC421A,SHA256=0D74BCAFB2D84366FCDBF46964F2072052593AA4CA7E043E0B2BF17DF5E7852F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:43.297{ED6274ED-0D92-61E8-F709-000000002302}7808ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Administrator\AppData\Roaming\discord\TransportSecurity~RF11a8495.TMPMD5=1546E32BB5BBD5AE352185A95D06F143,SHA256=FEF712E409CBDD74098A5A48BA249B174143ED3E6092D6F39C88091FFEF91933,IMPHASH=00000000000000000000000000000000falsetrue 254200x8000000000000000248265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.localT10992022-01-19 13:16:43.296{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Administrator\AppData\Roaming\discord\25cdfc83-fe73-4498-b39c-b31c3dbd1962.tmp2022-01-19 13:09:50.0402022-01-19 13:16:43.268 23542300x8000000000000000248264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:43.194{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA9097DD08DAFDA2C1DA175582693DF9,SHA256=F3D73A303663AAC010508239F1AE2E2E45978DB5555A0B98FE3DE297BFD33663,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.848{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A31B91ABC0E337A75CEF9984C305A267,SHA256=66B855C4180492D1BA9ED2EE804DA3038E4E3F01DC9EA1297975349F0D6BBA53,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000248379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED4-61E8-400A-000000002302}7176C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED1-61E8-3F0A-000000002302}6592C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x8000000000000000178201Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:44.501{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74820D1BA81F57A20BB9BF0D720C2E38,SHA256=634743AC935026BFDDA5CE871C8CBB9B7E50BFB1F0B061069CE031050E120EB7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000248377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ECE-61E8-3C0A-000000002302}728C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D95-61E8-000A-000000002302}7304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F609-000000002302}6468C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F309-000000002302}6348C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2209-000000002302}4408C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-091A-61E8-F208-000000002302}2808C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0917-61E8-F008-000000002302}6956C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0913-61E8-EE08-000000002302}1116C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D0AD-61E7-3902-000000002302}5804C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D09A-61E7-3802-000000002302}6060C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE79-61E7-E401-000000002302}3356C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE04-61E7-CE01-000000002302}6668C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CDF7-61E7-CC01-000000002302}4536C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CD0D-61E7-A101-000000002302}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CCF8-61E7-9D01-000000002302}5204C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-7001-000000002302}1432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-6D01-000000002302}3488C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC00-61E7-6C01-000000002302}3768C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFF-61E7-6A01-000000002302}5432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AF00-000000002302}4284C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AC00-000000002302}4160C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C837-61E7-A700-000000002302}3164C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C780-61E7-8200-000000002302}3256C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C719-61E7-7400-000000002302}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4200-000000002302}3520C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4100-000000002302}3508C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C706-61E7-3400-000000002302}3216C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C705-61E7-3000-000000002302}1576C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2D00-000000002302}3052C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2C00-000000002302}3016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2A00-000000002302}2964C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2900-000000002302}2948C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2600-000000002302}2800C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2300-000000002302}2708C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6FC-61E7-2100-000000002302}2544C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F4-61E7-1F00-000000002302}2116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1700-000000002302}1336C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1600-000000002302}1216C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1500-000000002302}1148C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1400-000000002302}1140C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1300-000000002302}704C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1200-000000002302}420C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1100-000000002302}8C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1000-000000002302}96C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-0E00-000000002302}996C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0D00-000000002302}900C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0C00-000000002302}844C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0A00-000000002302}632C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0900-000000002302}580C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x8000000000000000248321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.773{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=936B944FE95FFD88AB66CD512B654FD8,SHA256=72CF89BFD6EB28F9376D2EA6437941BA3AC49987EA9E78B4FAE06570D97EAFF6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000248320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0700-000000002302}496C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0200-000000002302}324C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0100-000000002302}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.772{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.772{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.772{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.772{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.772{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.772{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.772{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.772{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.771{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.771{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.771{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.771{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.771{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.771{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.771{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.771{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.770{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.770{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.770{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.770{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.770{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.770{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.769{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.769{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-050A-000000002302}7764C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.759{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.759{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.759{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.759{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327a7(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x8000000000000000248267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:44.200{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E60EFA8DD585D7A3ADA6EC34252AEA5,SHA256=E571C0CC6796BB9D1DF1E7D7BF822D3892AD4A1ADDED40CEACA7D5658FE39250,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178202Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:45.517{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D16592D082C1DCA9E24E59DAD02B2111,SHA256=23395F9D3FB887AA02B905B88693606F2D14365B47963DE10D98334F6347899C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:45.207{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6218A5E7F779E369331F28C35A5C0212,SHA256=A78ACD0332F923C2177D22BAFB87DDBAAABEBF69E067C9CD2304FFED8CF40161,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000178204Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:44.157{F0653C0F-C6F7-61E7-5B00-000000002402}4092C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53306-false10.0.1.12-8000- 23542300x8000000000000000178203Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:46.533{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=31ABFA9A47A4CFE778827825B6FE2DD9,SHA256=4A0F33CC2159356D38EA01D04331813F8DA29AAF4505316DCC58D2809C0F33C6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000248383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:45.074{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local50701-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000248382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:46.217{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=854249F0A58BE0EC6BEAD378B52ACCFF,SHA256=7388E5BCC1C88F6D362500329BAD8D02AF0FAE152C1BD13D4183CB6308943B0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178205Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:47.533{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6D71461EA9504A17CA59D30D9EA54EC,SHA256=680CAEF69B5E72E9AE36E80369085E9464AB076A687FEA006E9CF322ACB2A493,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:47.227{ED6274ED-CBFD-61E7-6801-000000002302}1952ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0pk4oq24.default-release\datareporting\aborted-session-pingMD5=8A6345F07C7DDB18AE379A9803965F23,SHA256=80EF5E6A350FBC15EE7CA4905710D8E99A1D4F856F4481E953D1DD177A1F9C6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:47.227{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25A73D111433DDA97FDE013079744389,SHA256=2DFD3EB6E414C103EB847AD86EEF2C071832F0FEF94A80E2799D67D7F8CF7828,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178206Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:48.548{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC901CC64E8FC7E3371956F1130C4771,SHA256=3A9E2E6185BED025CB4D26709DEEE690B2F46D0C052883911FA04317DFDBE05F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000248394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:48.834{ED6274ED-C706-61E7-3400-000000002302}32163236C:\Windows\system32\conhost.exe{ED6274ED-0F40-61E8-4E0A-000000002302}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:48.833{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:48.832{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:48.832{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:48.832{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:48.832{ED6274ED-C6EF-61E7-0500-000000002302}424540C:\Windows\system32\csrss.exe{ED6274ED-0F40-61E8-4E0A-000000002302}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000248388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:48.832{ED6274ED-C704-61E7-2B00-000000002302}29883880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{ED6274ED-0F40-61E8-4E0A-000000002302}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000248387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:48.830{ED6274ED-0F40-61E8-4E0A-000000002302}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{ED6274ED-C6F0-61E7-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000248386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:48.240{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E391D401CF5A73B8A3EE11D5A175A2F9,SHA256=5EB53481472C42C539CA3347CA9209C224EB3A57565ECA1157DF652E33F735BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178207Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:49.564{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B15FAC985BF825E0A8414EE63A47264,SHA256=F1970120869A2A54A9F23BC572A0BABF124C7D2F9815876521389D52C1BE9F3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.982{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97D60BC65CC613BDE313D921687FF2A9,SHA256=628AE070D2B57161B47978AC7233BD6C2CF2CD23DE2C679D357682756A65DDC4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000248525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.977{ED6274ED-C706-61E7-3400-000000002302}32163236C:\Windows\system32\conhost.exe{ED6274ED-0F41-61E8-500A-000000002302}6268C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.974{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.974{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.973{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.973{ED6274ED-C6EF-61E7-0500-000000002302}424440C:\Windows\system32\csrss.exe{ED6274ED-0F41-61E8-500A-000000002302}6268C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000248520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.973{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.973{ED6274ED-C704-61E7-2B00-000000002302}29883880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{ED6274ED-0F41-61E8-500A-000000002302}6268C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000248518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.972{ED6274ED-0F41-61E8-500A-000000002302}6268C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{ED6274ED-C6F0-61E7-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000248517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.836{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BDA9CDEDED870995103FCD4B62635F1D,SHA256=7610FB1E8AEA27D8EB0097C5426A6AD39CCF4D499BDB4B91B9ECDDBBFDC0D23E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.835{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=930D94B7514D7C9E86C017EAE0546400,SHA256=3FB714312FC783CE7D06D7AD46FBE48BF1462A6C8D3E98BB37D5A263E39F4ECC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000248515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED4-61E8-400A-000000002302}7176C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED1-61E8-3F0A-000000002302}6592C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ECE-61E8-3C0A-000000002302}728C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D95-61E8-000A-000000002302}7304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F609-000000002302}6468C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F309-000000002302}6348C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2209-000000002302}4408C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-091A-61E8-F208-000000002302}2808C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0917-61E8-F008-000000002302}6956C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0913-61E8-EE08-000000002302}1116C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D0AD-61E7-3902-000000002302}5804C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D09A-61E7-3802-000000002302}6060C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE79-61E7-E401-000000002302}3356C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE04-61E7-CE01-000000002302}6668C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CDF7-61E7-CC01-000000002302}4536C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CD0D-61E7-A101-000000002302}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CCF8-61E7-9D01-000000002302}5204C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-7001-000000002302}1432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-6D01-000000002302}3488C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC00-61E7-6C01-000000002302}3768C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFF-61E7-6A01-000000002302}5432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AF00-000000002302}4284C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AC00-000000002302}4160C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C837-61E7-A700-000000002302}3164C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C780-61E7-8200-000000002302}3256C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C719-61E7-7400-000000002302}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4200-000000002302}3520C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4100-000000002302}3508C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C706-61E7-3400-000000002302}3216C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C705-61E7-3000-000000002302}1576C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2D00-000000002302}3052C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2C00-000000002302}3016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2A00-000000002302}2964C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2900-000000002302}2948C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2600-000000002302}2800C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2300-000000002302}2708C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6FC-61E7-2100-000000002302}2544C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F4-61E7-1F00-000000002302}2116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1700-000000002302}1336C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1600-000000002302}1216C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1500-000000002302}1148C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1400-000000002302}1140C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1300-000000002302}704C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1200-000000002302}420C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1100-000000002302}8C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1000-000000002302}96C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-0E00-000000002302}996C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0D00-000000002302}900C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.775{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0C00-000000002302}844C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0A00-000000002302}632C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0900-000000002302}580C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0700-000000002302}496C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0200-000000002302}324C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0100-000000002302}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.772{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.772{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.772{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.772{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.772{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.772{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.772{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.771{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.771{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.771{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.771{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.771{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.770{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-050A-000000002302}7764C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327a7(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.459{ED6274ED-C706-61E7-3400-000000002302}32163236C:\Windows\system32\conhost.exe{ED6274ED-0F41-61E8-4F0A-000000002302}7048C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.457{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.457{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.457{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.457{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.456{ED6274ED-C6EF-61E7-0500-000000002302}424440C:\Windows\system32\csrss.exe{ED6274ED-0F41-61E8-4F0A-000000002302}7048C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000248398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.456{ED6274ED-C704-61E7-2B00-000000002302}29883880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{ED6274ED-0F41-61E8-4F0A-000000002302}7048C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000248397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.455{ED6274ED-0F41-61E8-4F0A-000000002302}7048C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{ED6274ED-C6F0-61E7-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000248396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.258{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9AA4F1E1CB71676185142E5CCA6B706,SHA256=B5063BF4D5F199095640680C819AE68D2574484913475F26D6DC15428EB506A2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000248395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.034{ED6274ED-0F40-61E8-4E0A-000000002302}59484632C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000178208Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:50.580{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=665A209C88667767E362D026FE3386EB,SHA256=645D172C9B166E593B49EC4071A97BD81D05454CFF5099E198811D8C8A7F240E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.984{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BDA9CDEDED870995103FCD4B62635F1D,SHA256=7610FB1E8AEA27D8EB0097C5426A6AD39CCF4D499BDB4B91B9ECDDBBFDC0D23E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000248554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false188.122.78.174-50003- 354300x8000000000000000248553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false188.122.78.169-50004- 354300x8000000000000000248552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false185.179.203.228-50004- 354300x8000000000000000248551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false185.179.203.229-50002- 354300x8000000000000000248550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false185.179.203.232-50002- 354300x8000000000000000248549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false188.122.66.106-50003- 354300x8000000000000000248548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false188.122.64.162-50002- 354300x8000000000000000248547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false188.122.65.141-50001- 354300x8000000000000000248546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false188.122.66.33-50004- 354300x8000000000000000248545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false188.122.66.113-50001- 354300x8000000000000000248544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false31.204.156.197-50004- 354300x8000000000000000248543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false31.204.156.212-50003- 354300x8000000000000000248542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false31.204.157.55-50001- 354300x8000000000000000248541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false31.204.156.210hosted-by.i3d.net50002- 354300x8000000000000000248540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false31.204.157.51-50004- 354300x8000000000000000248539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false109.200.195.27hosted-by.i3d.net50004- 354300x8000000000000000248538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false109.200.194.197-50003- 354300x8000000000000000248537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false109.200.195.32-50002- 354300x8000000000000000248536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false109.200.195.28-50002- 354300x8000000000000000248535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false109.200.195.25-50004- 354300x8000000000000000248534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false5.200.14.231-50001- 354300x8000000000000000248533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false5.200.14.186-50002- 354300x8000000000000000248532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false213.163.94.30-50003- 354300x8000000000000000248531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false188.122.75.170-50003- 354300x8000000000000000248530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.715{ED6274ED-0D94-61E8-FF09-000000002302}5304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local64656-false213.163.93.34-50001- 354300x8000000000000000248529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.637{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local60271-false162.159.130.235-443https 354300x8000000000000000248528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.628{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local64655- 23542300x8000000000000000248527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.274{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE993FC5ED78DD61D635ABACA0BE9B18,SHA256=D76AD195549A4150CC2A215AB6DD55C6FB1A1F878010FC871A0F474CF59B4D01,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000248600Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.843{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-61745- 354300x8000000000000000248599Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.843{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-51531- 354300x8000000000000000248598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.843{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-50300- 354300x8000000000000000248597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.843{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-54216- 354300x8000000000000000248596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.843{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-64224- 354300x8000000000000000248595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.843{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-51090- 354300x8000000000000000248594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.843{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-61746- 354300x8000000000000000248593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.843{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-61744- 354300x8000000000000000248592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.843{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-50246- 354300x8000000000000000248591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.843{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-61743- 354300x8000000000000000248590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.843{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-51193- 354300x8000000000000000248589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.843{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-51488- 354300x8000000000000000248588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.843{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-49498- 354300x8000000000000000248587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.842{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-50779- 354300x8000000000000000248586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.842{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-61740- 354300x8000000000000000248585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.842{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-50193- 354300x8000000000000000248584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.842{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-61741- 354300x8000000000000000248583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.842{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-52949- 354300x8000000000000000248582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.842{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-64315- 354300x8000000000000000248581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.841{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-62891- 354300x8000000000000000248580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.819{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local61748- 354300x8000000000000000248579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.819{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local61747- 354300x8000000000000000248578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.818{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local61746- 354300x8000000000000000248577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.818{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local61745- 354300x8000000000000000248576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.818{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local54216- 354300x8000000000000000248575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.818{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local62157- 354300x8000000000000000248574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.818{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local51090- 354300x8000000000000000248573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.818{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local50300- 354300x8000000000000000248572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.818{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local64224- 354300x8000000000000000248571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.818{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local51531- 354300x8000000000000000248570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.818{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local51193- 354300x8000000000000000248569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.818{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local49498- 354300x8000000000000000248568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.818{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local50969- 354300x8000000000000000248567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.818{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local50246- 354300x8000000000000000248566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.818{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local51488- 354300x8000000000000000248565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.817{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local50193- 354300x8000000000000000248564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.817{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local50779- 354300x8000000000000000248563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.817{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local61741- 354300x8000000000000000248562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.817{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local52949- 354300x8000000000000000248561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.816{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local64315- 354300x8000000000000000248560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.816{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local51043- 354300x8000000000000000248559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.816{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local62891- 354300x8000000000000000248558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.296{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local60272-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 22542200x8000000000000000248557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:49.569{ED6274ED-0D92-61E8-F709-000000002302}7808latency.discord.media0162.159.130.235;162.159.129.235;162.159.128.235;162.159.138.234;162.159.137.234;C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe 23542300x8000000000000000248556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:51.380{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5CE70BD70B9875055EDA49F5D7A6850F,SHA256=469A4CEBB5708B0881227F86A873DA0ED26B4DE8A1B0B2C853D2887923176909,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178209Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:51.595{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80576340C3B06FFC638B38C11876E797,SHA256=497EA3CB504A2D3514D69AC23B9714A4CD5B2EAB28BEA01374345714386763C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178213Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:52.940{F0653C0F-C6EC-61E7-1F00-000000002402}1924NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=8F1BAAEB63B58FFACFB56D13F23AD150,SHA256=5098868B23CBB265B3384D5FF5936A22571C5FB391599C59C9990CE16810BB53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178212Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:52.596{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38620CF5C2476BF7AC3B9A575790643D,SHA256=97D717DDD5DCF2FA31011DD5A7189E923EC675C7463CB5E58EFAD61D9E679AC2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000248620Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.909{ED6274ED-C706-61E7-3400-000000002302}32163236C:\Windows\system32\conhost.exe{ED6274ED-0F44-61E8-520A-000000002302}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248619Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.908{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248618Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.907{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248617Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.903{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248616Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.903{ED6274ED-C6EF-61E7-0500-000000002302}4241156C:\Windows\system32\csrss.exe{ED6274ED-0F44-61E8-520A-000000002302}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000248615Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.903{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248614Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.902{ED6274ED-C704-61E7-2B00-000000002302}29883880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{ED6274ED-0F44-61E8-520A-000000002302}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000248613Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.901{ED6274ED-0F44-61E8-520A-000000002302}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{ED6274ED-C6F0-61E7-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000248612Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.900{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F042C308AEBA8D153AFB8F3DF87143A,SHA256=0305CE9AA4550B8112FE935872C6CF93BA91BFB25D4F5FCC653138F1F4874CDD,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000248611Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.844{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-61748- 354300x8000000000000000248610Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:50.844{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-61747- 10341000x8000000000000000248609Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.488{ED6274ED-0F44-61E8-510A-000000002302}6841580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248608Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.294{ED6274ED-C706-61E7-3400-000000002302}32163236C:\Windows\system32\conhost.exe{ED6274ED-0F44-61E8-510A-000000002302}684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248607Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.291{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248606Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.291{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248605Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.290{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248604Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.290{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248603Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.290{ED6274ED-C6EF-61E7-0500-000000002302}4241156C:\Windows\system32\csrss.exe{ED6274ED-0F44-61E8-510A-000000002302}684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000248602Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.289{ED6274ED-C704-61E7-2B00-000000002302}29883880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{ED6274ED-0F44-61E8-510A-000000002302}684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000248601Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:52.288{ED6274ED-0F44-61E8-510A-000000002302}684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{ED6274ED-C6F0-61E7-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000178211Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:52.568{F0653C0F-C6EC-61E7-2200-000000002402}1984NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0da516282bedaafcc\channels\health\respondent-20220119080814-300MD5=26E1A90A17A870013EF4C4218FE87777,SHA256=02B0674969846812EB5EACE6FE845327C5B46FC53D45D3793660008BF07077BC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000178210Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:50.095{F0653C0F-C6F7-61E7-5B00-000000002402}4092C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53307-false10.0.1.12-8000- 23542300x8000000000000000178215Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:53.610{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D15A7AB995060AC7171FDD5844560403,SHA256=5E5A7399B695B3A406EA3A796E72D572473491F71CF5DD4FEFC65ED8B88364BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248623Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:53.497{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82BE8416BC1F7D7E571AC5DAD9696191,SHA256=26C29419AB6C340CDEDFB40B29813245E94380647187BE2E85AA3AD1FD7CE1F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178214Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:53.582{F0653C0F-C6EC-61E7-2200-000000002402}1984NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0da516282bedaafcc\channels\health\surveyor-20220119080812-301MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248622Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:53.293{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0AD8A2871D683ED7A30B73370F81EB01,SHA256=EA725EC29090806D49C020DB32245E94F3370F6D7C0D8F1AC2032B06772EDA93,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000248621Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:53.107{ED6274ED-0F44-61E8-520A-000000002302}33687528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000178216Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:54.613{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3F0EB031BC0E2221183D893573FB7FF,SHA256=D70920E36FE41A4B3E8FE7DDF305EFEACC5C8E616175E18958714424B265E72D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000248748Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:53.436{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local60273-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local389ldap 354300x8000000000000000248747Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:53.436{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local60273-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-356.attackrange.local389ldap 10341000x8000000000000000248746Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.795{ED6274ED-0F46-61E8-530A-000000002302}62967504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248745Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0F46-61E8-530A-000000002302}6296C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248744Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED4-61E8-400A-000000002302}7176C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248743Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED1-61E8-3F0A-000000002302}6592C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248742Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ECE-61E8-3C0A-000000002302}728C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248741Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D95-61E8-000A-000000002302}7304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248740Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248739Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F609-000000002302}6468C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248738Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F309-000000002302}6348C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248737Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2209-000000002302}4408C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248736Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-091A-61E8-F208-000000002302}2808C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248735Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0917-61E8-F008-000000002302}6956C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248734Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0913-61E8-EE08-000000002302}1116C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248733Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D0AD-61E7-3902-000000002302}5804C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248732Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.784{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D09A-61E7-3802-000000002302}6060C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248731Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE79-61E7-E401-000000002302}3356C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248730Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE04-61E7-CE01-000000002302}6668C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248729Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CDF7-61E7-CC01-000000002302}4536C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248728Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CD0D-61E7-A101-000000002302}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248727Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CCF8-61E7-9D01-000000002302}5204C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248726Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-7001-000000002302}1432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248725Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-6D01-000000002302}3488C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248724Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC00-61E7-6C01-000000002302}3768C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248723Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFF-61E7-6A01-000000002302}5432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248722Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.783{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AF00-000000002302}4284C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248721Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AC00-000000002302}4160C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248720Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C837-61E7-A700-000000002302}3164C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248719Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C780-61E7-8200-000000002302}3256C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248718Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C719-61E7-7400-000000002302}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248717Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.782{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248716Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4200-000000002302}3520C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248715Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4100-000000002302}3508C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248714Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C706-61E7-3400-000000002302}3216C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248713Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C705-61E7-3000-000000002302}1576C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248712Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2D00-000000002302}3052C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248711Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2C00-000000002302}3016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248710Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248709Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2A00-000000002302}2964C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248708Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2900-000000002302}2948C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248707Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248706Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248705Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2600-000000002302}2800C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248704Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248703Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2300-000000002302}2708C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248702Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.781{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6FC-61E7-2100-000000002302}2544C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248701Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F4-61E7-1F00-000000002302}2116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248700Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1700-000000002302}1336C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248699Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1600-000000002302}1216C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248698Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1500-000000002302}1148C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248697Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1400-000000002302}1140C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248696Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1300-000000002302}704C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248695Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1200-000000002302}420C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248694Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1100-000000002302}8C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248693Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1000-000000002302}96C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248692Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-0E00-000000002302}996C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248691Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0D00-000000002302}900C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248690Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0C00-000000002302}844C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248689Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.780{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248688Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0A00-000000002302}632C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248687Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0900-000000002302}580C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248686Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0700-000000002302}496C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248685Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0200-000000002302}324C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248684Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0100-000000002302}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248683Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.779{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248682Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248681Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248680Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248679Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.778{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248678Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248677Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248676Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248675Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248674Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248673Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248672Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248671Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.777{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248670Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248669Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.776{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248668Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248667Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248666Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248665Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.774{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248664Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248663Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248662Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248661Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248660Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248659Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.773{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248658Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.765{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248657Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.764{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248656Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.764{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248655Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.764{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248654Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.764{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248653Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.764{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248652Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.764{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248651Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.764{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248650Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.764{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248649Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248648Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248647Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.763{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248646Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248645Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248644Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.762{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-050A-000000002302}7764C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248643Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248642Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248641Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248640Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248639Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248638Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.761{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248637Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248636Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248635Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248634Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.760{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327a7(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248633Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.572{ED6274ED-C706-61E7-3400-000000002302}32163236C:\Windows\system32\conhost.exe{ED6274ED-0F46-61E8-530A-000000002302}6296C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248632Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.571{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248631Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.570{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248630Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.570{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248629Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.570{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248628Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.570{ED6274ED-C6EF-61E7-0500-000000002302}4241156C:\Windows\system32\csrss.exe{ED6274ED-0F46-61E8-530A-000000002302}6296C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000248627Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.569{ED6274ED-C704-61E7-2B00-000000002302}29883880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{ED6274ED-0F46-61E8-530A-000000002302}6296C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000248626Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.568{ED6274ED-0F46-61E8-530A-000000002302}6296C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{ED6274ED-C6F0-61E7-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000248625Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.500{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91A35617F0A2F97D3B7EFBC3C3BFD670,SHA256=3467DD1B4C31FFA4DD9762A0D14AC2E7D0E86D09FD927D2843F887EFDD3CCD5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248624Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:54.381{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AD4DF8838EB0DA2D33FA9330741F82AC,SHA256=EE2F3A8E1BBC990FF22F05CAF4508C799E62DBD5325484C9D849269C97651F37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178218Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:55.628{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2D5D4F1B09AB16F5AB3EF202E01A017,SHA256=C51E3308B9CF1508B06E026CAD1C9C66CF897C4835744B949470F23E6EE4A639,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248751Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:55.574{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A970E63FEE3EC228D37A6C3228793A2D,SHA256=519636866C8C7CB612B98EA3EF3CCC3B0F0841CC99691513B11918D68C34DA4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248750Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:55.518{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1F1E6E98E92CA8745657D619EB45227,SHA256=C6C736879A0DF96156547E989C528474A4CB754B2161329F90D150FCDEDFCCF8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000178217Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:52.861{F0653C0F-C6EC-61E7-1F00-000000002402}1924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53308-false10.0.1.12-8089- 23542300x8000000000000000248749Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:55.090{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D33E3CDB163B4CC5FBE5E874B246C3A9,SHA256=E04D505614CDA74983108AA8AA6DB070E72B0D3B765B52E97AFBFA7CC82D7850,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178219Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:56.644{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8874EEE06879C9653AEC8844136BE6D,SHA256=806238A89020F92658662A96EDADF111E1252D5CC885769A62FBF37B1268ADFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248752Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:56.524{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A75D6E920353136AC451DAEA25121705,SHA256=718A0A8FDEC7A2F098C9F66961876C8BF734919EFE639F2052819B9D758AF7F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178220Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:57.660{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=366152F16E1923C766C97248FD9496A0,SHA256=DB771E9176D00EAA98219177755C08DC956DE5089775FB111BFADDCCB789E310,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000248763Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:56.266{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local60274-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000248762Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:57.669{ED6274ED-C706-61E7-3400-000000002302}32163236C:\Windows\system32\conhost.exe{ED6274ED-0F49-61E8-540A-000000002302}7756C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248761Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:57.653{ED6274ED-C6EF-61E7-0500-000000002302}424440C:\Windows\system32\csrss.exe{ED6274ED-0F49-61E8-540A-000000002302}7756C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000248760Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:57.653{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248759Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:57.653{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248758Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:57.653{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248757Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:57.653{ED6274ED-C6F2-61E7-0C00-000000002302}8445136C:\Windows\system32\svchost.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248756Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:57.652{ED6274ED-C704-61E7-2B00-000000002302}29883880C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{ED6274ED-0F49-61E8-540A-000000002302}7756C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000248755Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:57.651{ED6274ED-0F49-61E8-540A-000000002302}7756C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{ED6274ED-C6F0-61E7-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000248754Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:57.532{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1A1D7E8A8D193A2BDC354A10BCFFA04,SHA256=FF1E17B219BAB38E8894DFB184FEDF71D837B607D4824B3EAFF3B1FE1B5A9835,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248753Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:57.038{ED6274ED-C704-61E7-2B00-000000002302}2988NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=8F1BAAEB63B58FFACFB56D13F23AD150,SHA256=5098868B23CBB265B3384D5FF5936A22571C5FB391599C59C9990CE16810BB53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178222Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:58.675{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BC39C48C1FCF9483638F885B55ADE03,SHA256=ABA2B5BD1200B4C9919EE5DB6DD5B558550F61119FF3EEFBD21B5C72DF3FAF82,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000248768Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:57.086{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local60275-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000248767Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:58.746{ED6274ED-0D90-61E8-F109-000000002302}7000ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Administrator\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index~RF11ac0e3.TMPMD5=A24E5FBAF76CF2C3F188F0D28C1C2AEC,SHA256=B0EEFB36C3C5E67D8F28F7A5017B302B6B5ECD9D808CE4366C72CB1B9D62AF63,IMPHASH=00000000000000000000000000000000falsetrue 254200x8000000000000000248766Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.localT10992022-01-19 13:16:58.743{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Administrator\AppData\Roaming\discord\Code Cache\js\index-dir\temp-index2022-01-19 13:09:38.0432022-01-19 13:16:58.742 23542300x8000000000000000248765Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:58.655{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=214155902E21A4FB4E8935F9B7D79F9A,SHA256=699F1A0266C7E27F4E85330279EB6B2B483633DA2FCBEFE90275F67A5200F139,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248764Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:58.538{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADFC8F6995C702C960B33E9CD3F818D8,SHA256=0D22CFD13FF2024109F14F568F1255046FC1CAF10AC1D1C8E40E586ABF2C4988,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000178221Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:56.034{F0653C0F-C6F7-61E7-5B00-000000002402}4092C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53309-false10.0.1.12-8000- 23542300x8000000000000000178223Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:16:59.691{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B770960D1C7247BF57154F70A974BB5,SHA256=B352DE0303FFE3C7D208867EE895D5B22E3548CD5AF559B2D8D49B789F410DDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.894{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12312055BEF501CCEC0ACA02717D2CEB,SHA256=BC0E4B6E46BF11F2C18B1E7F1927B5448F093595CBC253CDF37FBB3485E3EDE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.818{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51B19E9B5F585928AA3C9241337E3FC2,SHA256=B171A0E6897147A25FDF1C6FE1522389F943E24545E3501D4F3BFFAD491CA240,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000248883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.808{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED4-61E8-400A-000000002302}7176C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.808{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED1-61E8-3F0A-000000002302}6592C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.808{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ECE-61E8-3C0A-000000002302}728C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.807{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D95-61E8-000A-000000002302}7304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.807{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.807{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F609-000000002302}6468C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.807{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F309-000000002302}6348C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.807{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2209-000000002302}4408C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.807{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-091A-61E8-F208-000000002302}2808C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.807{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0917-61E8-F008-000000002302}6956C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.807{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0913-61E8-EE08-000000002302}1116C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.807{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D0AD-61E7-3902-000000002302}5804C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.807{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D09A-61E7-3802-000000002302}6060C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.807{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE79-61E7-E401-000000002302}3356C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.807{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE04-61E7-CE01-000000002302}6668C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.807{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CDF7-61E7-CC01-000000002302}4536C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.806{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CD0D-61E7-A101-000000002302}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.806{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CCF8-61E7-9D01-000000002302}5204C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.806{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-7001-000000002302}1432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.806{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-6D01-000000002302}3488C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.806{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC00-61E7-6C01-000000002302}3768C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.806{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFF-61E7-6A01-000000002302}5432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.806{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AF00-000000002302}4284C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.806{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AC00-000000002302}4160C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.806{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C837-61E7-A700-000000002302}3164C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C780-61E7-8200-000000002302}3256C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C719-61E7-7400-000000002302}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4200-000000002302}3520C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4100-000000002302}3508C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C706-61E7-3400-000000002302}3216C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C705-61E7-3000-000000002302}1576C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2D00-000000002302}3052C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2C00-000000002302}3016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2A00-000000002302}2964C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.805{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2900-000000002302}2948C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2600-000000002302}2800C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2300-000000002302}2708C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6FC-61E7-2100-000000002302}2544C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F4-61E7-1F00-000000002302}2116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1700-000000002302}1336C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1600-000000002302}1216C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.804{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1500-000000002302}1148C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1400-000000002302}1140C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1300-000000002302}704C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1200-000000002302}420C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1100-000000002302}8C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1000-000000002302}96C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-0E00-000000002302}996C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0D00-000000002302}900C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.803{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0C00-000000002302}844C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.802{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.802{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0A00-000000002302}632C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.802{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0900-000000002302}580C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.802{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0700-000000002302}496C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.802{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0200-000000002302}324C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0100-000000002302}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 23542300x8000000000000000248817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.801{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1BFF70031217FBD2D0F794739960F8D,SHA256=729347BC9847B164377ABCCE63EE0C958DEE576134D2A25DA09C615A589ED842,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000248816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.801{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.800{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.800{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.800{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.800{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.800{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.800{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.800{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.800{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.799{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.799{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.799{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.799{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.799{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.799{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.798{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.798{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.798{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.789{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.789{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.789{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.789{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.789{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.789{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248790Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.789{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248789Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.789{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248788Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.789{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248787Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248786Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248785Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248784Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.788{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248783Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248782Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-050A-000000002302}7764C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248781Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248780Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248779Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.787{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248778Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.786{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248777Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.786{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248776Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.786{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248775Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.786{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248774Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248773Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248772Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.785{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327a7(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x8000000000000000248771Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.677{ED6274ED-0D92-61E8-F709-000000002302}7808ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Administrator\AppData\Roaming\discord\TransportSecurity~RF11ac48c.TMPMD5=A9F739ED419C9C1675242115FBE74B8D,SHA256=B36C0CD85E3A1B49779D5E421984B39064CC2E817AD31B7089F1301571FE695F,IMPHASH=00000000000000000000000000000000falsetrue 254200x8000000000000000248770Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.localT10992022-01-19 13:16:59.674{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Administrator\AppData\Roaming\discord\c80b46e9-24d5-4846-9714-52d47d1d8c2a.tmp2022-01-19 13:09:50.0402022-01-19 13:16:59.646 23542300x8000000000000000248769Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:16:59.548{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B45C37DC02B71559590A4D943484EA42,SHA256=CD43AE54016077B5BECD817F59F781264F0EAEC6511CDB3465EC93528DCDD24B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:00.560{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2EFCCBA5542B81BCCBC7A1F815FF994,SHA256=06B2E57AB60053F7991F6B75D6F82E47F2163A1B623E741FFE39EAA15CAA4AF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178224Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:00.707{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4EB0E9164D9F9BE0912AFEDD85B4B61,SHA256=79B1459AF605E84F19BB6F88BD75604F6BA1A89EB0CA57D66870C9E8413971B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178225Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:01.722{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D60984ADB9819701910EBC93C9F15F1E,SHA256=B9186CDA3E6811AF141E7D113801816EB5B9C21B65C3FA1FAF926309FE29F89C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:01.579{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BA39F3853974FBBBA6A0BCD5FB6B2E6,SHA256=9568A90C0E55237B256788457F14443990017368ECBD973C870F5F66BB6DD617,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000178227Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:01.143{F0653C0F-C6F7-61E7-5B00-000000002402}4092C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53310-false10.0.1.12-8000- 23542300x8000000000000000178226Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:02.738{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86B5A5BEB47A6EAE7887C8845C05ADD4,SHA256=9368EB103DC05653F2A5F7B801595397BEB2A5146C9DBC55A65123CF59026B3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:02.584{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47673B06D7DBCEB8D357EC2A018FA5E4,SHA256=FB11B19892B3FD1292C7253F291C7DB275CA1AE2F46BF9A79EE0373C8028B22E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178228Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:03.753{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=861E5D6961F90F43DD28E3721CAE286F,SHA256=AA39D1700051C68F2BAA946F121FC4425AAF487BC9D11F3D52B6642BECE54994,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000248889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:03.587{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F53B153066989F1C2FB9DA528E8BE0D3,SHA256=29AF984B247BA8C75B4071EC946444DC0A5FB7C7EEAFC863FC3D38C1046E0B13,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000249003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:02.212{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local60276-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000249002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.894{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED4-61E8-400A-000000002302}7176C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.894{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED1-61E8-3F0A-000000002302}6592C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x8000000000000000178229Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:04.769{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=632AE283BAE09310D06CA4737C3BD0C3,SHA256=558FDFDE0A4A58817013CDE6E4334FE695B84CCAA379F2A4C13CFC942550814F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000249000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.894{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ECE-61E8-3C0A-000000002302}728C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.893{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D95-61E8-000A-000000002302}7304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.893{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.893{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F609-000000002302}6468C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.893{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F309-000000002302}6348C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.892{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2209-000000002302}4408C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.892{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-091A-61E8-F208-000000002302}2808C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.891{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0917-61E8-F008-000000002302}6956C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.891{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0913-61E8-EE08-000000002302}1116C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.891{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D0AD-61E7-3902-000000002302}5804C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.891{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D09A-61E7-3802-000000002302}6060C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.890{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE79-61E7-E401-000000002302}3356C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.890{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE04-61E7-CE01-000000002302}6668C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.889{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CDF7-61E7-CC01-000000002302}4536C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.889{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CD0D-61E7-A101-000000002302}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.889{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CCF8-61E7-9D01-000000002302}5204C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.888{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-7001-000000002302}1432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.888{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-6D01-000000002302}3488C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.888{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC00-61E7-6C01-000000002302}3768C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.888{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFF-61E7-6A01-000000002302}5432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.888{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AF00-000000002302}4284C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.888{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AC00-000000002302}4160C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.887{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C837-61E7-A700-000000002302}3164C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.886{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C780-61E7-8200-000000002302}3256C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.886{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C719-61E7-7400-000000002302}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.886{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.886{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4200-000000002302}3520C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.884{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4100-000000002302}3508C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.884{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C706-61E7-3400-000000002302}3216C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.884{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C705-61E7-3000-000000002302}1576C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.884{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2D00-000000002302}3052C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.884{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2C00-000000002302}3016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.883{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.883{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2A00-000000002302}2964C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.883{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2900-000000002302}2948C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.883{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.883{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.883{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2600-000000002302}2800C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.882{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.882{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2300-000000002302}2708C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.882{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6FC-61E7-2100-000000002302}2544C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.882{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F4-61E7-1F00-000000002302}2116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.880{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1700-000000002302}1336C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.880{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1600-000000002302}1216C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.880{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1500-000000002302}1148C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.880{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1400-000000002302}1140C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.879{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1300-000000002302}704C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.879{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1200-000000002302}420C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.879{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1100-000000002302}8C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.879{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1000-000000002302}96C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.879{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-0E00-000000002302}996C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.879{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0D00-000000002302}900C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.879{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0C00-000000002302}844C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.879{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.879{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0A00-000000002302}632C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.879{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0900-000000002302}580C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.879{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0700-000000002302}496C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.878{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0200-000000002302}324C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.878{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0100-000000002302}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.878{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.877{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.877{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.875{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.875{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.874{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.873{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.873{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.873{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.873{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.873{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.873{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.873{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.872{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.872{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.872{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.872{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.872{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.871{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.871{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.868{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.867{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.866{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.866{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000248917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.866{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 23542300x8000000000000000248916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.834{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6EB5F05E15F3BC035F0B4F61B07BB7F1,SHA256=C4D4A1FEEA2059FA769670BAD356978AD9FC6F515C77E6AD3DFEF95F099C3C37,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000248915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.821{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.821{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.820{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.820{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.819{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.818{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.818{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.818{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.818{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.818{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.817{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.817{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.817{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.817{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.817{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-050A-000000002302}7764C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.817{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.812{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.812{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.811{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.811{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.811{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.811{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.810{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.809{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000248891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.809{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327a7(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x8000000000000000248890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:04.594{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F276760177D48C9EC807271DD21617B,SHA256=049D25D864287341EDEA4B553A440EAA24924E69C12160D8C7288AD5D393B30F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000249005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:05.598{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAEACC160CA5B35934594E1F61A69765,SHA256=F96661873BBDB6FA44ADB87FBF2CDE6614D5E4CDF5ACF8EEA3F68F7E4E5DA8E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178230Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:05.771{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DC3C4E94E1D204BD408EE50BE80E4AA,SHA256=9C78735448CFA49062E80979DE19FDA630E99F1A8E0E9962005C6C6566D420AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000249004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:05.000{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AB7D12CAED39D430526FBCC7B3F1D45,SHA256=EB2C1B1211E903D606FED1CCC487783497A015A39019BBC83C75DAE8B33BB217,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178231Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:06.785{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B864420BE6D647591C4EC5934C5E5EF,SHA256=E8442B7F12A1359D4357B1E6E80BE97A05AF055230BA3E72307627E2A9CD6ABB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000249006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:06.601{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B296CB615F67EB5C92A8673E2C1E50E2,SHA256=0A29EC95608156340563232B51F5A86E439F46B8C9D073C87B0B2F9AA870FEA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178232Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:07.800{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52275FCE4EE01950898F8E298C6023EB,SHA256=595A68B3D8D874854F1C29A7297D3A9684E7BC23FE507D7CB6EF202BCA1C97DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000249007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:07.605{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A4CA3F281028FA3E2F5C85945A75404,SHA256=119A01A83BEC996FF83191EA7408E61958F0D7899C02BC2EE2F88B30C54C284B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000249009Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:07.271{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local60277-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000249008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:08.621{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFFC03374CF7B87D1153629F6238BD3E,SHA256=995C3462651270C403A61D6253606EFDD2CDFAA1A0E2F4A51F7DED47D49E35F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178233Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:08.816{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79E90775603B8288A83F885D9690F857,SHA256=087D24B3C51B8E06507FCCD5400C01AD45C93305E6C6ADC3D971A659679CDFC4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000249122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.838{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED4-61E8-400A-000000002302}7176C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.838{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED1-61E8-3F0A-000000002302}6592C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x8000000000000000178235Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:09.831{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=933CE086BD86B23D3211509FD2EB30A3,SHA256=C5883120C6A96730052B2D56A4A3A443945F2018A5B7D8C355DE6101C509C84F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000249120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.838{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ECE-61E8-3C0A-000000002302}728C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.838{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D95-61E8-000A-000000002302}7304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.838{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.838{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F609-000000002302}6468C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.838{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F309-000000002302}6348C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.838{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2209-000000002302}4408C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.838{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-091A-61E8-F208-000000002302}2808C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.838{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0917-61E8-F008-000000002302}6956C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.838{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0913-61E8-EE08-000000002302}1116C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.838{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D0AD-61E7-3902-000000002302}5804C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.838{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D09A-61E7-3802-000000002302}6060C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.838{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE79-61E7-E401-000000002302}3356C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.837{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE04-61E7-CE01-000000002302}6668C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.837{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CDF7-61E7-CC01-000000002302}4536C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.837{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CD0D-61E7-A101-000000002302}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.836{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CCF8-61E7-9D01-000000002302}5204C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.836{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-7001-000000002302}1432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.836{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-6D01-000000002302}3488C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.836{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC00-61E7-6C01-000000002302}3768C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.836{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFF-61E7-6A01-000000002302}5432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.836{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AF00-000000002302}4284C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.836{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AC00-000000002302}4160C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.835{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C837-61E7-A700-000000002302}3164C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.835{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C780-61E7-8200-000000002302}3256C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.835{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C719-61E7-7400-000000002302}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.835{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.835{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4200-000000002302}3520C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.834{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4100-000000002302}3508C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.834{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C706-61E7-3400-000000002302}3216C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.834{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C705-61E7-3000-000000002302}1576C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.834{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2D00-000000002302}3052C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.834{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2C00-000000002302}3016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.834{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.834{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2A00-000000002302}2964C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.834{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2900-000000002302}2948C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.834{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.834{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.834{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2600-000000002302}2800C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.834{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.833{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2300-000000002302}2708C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.833{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6FC-61E7-2100-000000002302}2544C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.833{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F4-61E7-1F00-000000002302}2116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.832{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1700-000000002302}1336C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.832{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1600-000000002302}1216C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.832{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1500-000000002302}1148C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.832{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1400-000000002302}1140C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.832{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1300-000000002302}704C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.832{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1200-000000002302}420C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.831{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1100-000000002302}8C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.831{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1000-000000002302}96C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.831{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-0E00-000000002302}996C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.831{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0D00-000000002302}900C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.831{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0C00-000000002302}844C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.831{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.831{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0A00-000000002302}632C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.831{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0900-000000002302}580C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.831{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0700-000000002302}496C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.831{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0200-000000002302}324C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.831{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0100-000000002302}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.831{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.830{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.830{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.830{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.830{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.830{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.829{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.829{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.829{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.829{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.829{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.829{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.829{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 23542300x8000000000000000249045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.828{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FFA4C6A5E3EB6EE0759F36E20420FF64,SHA256=34F5A007861A39AC63E9BAAB06FA090C6F3F84C05686C7F728C629920A28E4CC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000249044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.827{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.827{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.827{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.826{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.826{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.826{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.823{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.823{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.814{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.814{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249033Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.814{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249032Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.814{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249031Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.814{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249030Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.814{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249029Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.814{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2109-000000002302}5520C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249028Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.813{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249027Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.813{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249026Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.813{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-08CE-61E8-E608-000000002302}628C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249025Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.813{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249024Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.813{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249023Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.812{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249022Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.812{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249021Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.812{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-050A-000000002302}7764C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249020Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.812{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFD-61E7-6801-000000002302}1952C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249019Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.812{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249018Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.812{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249017Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.812{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249016Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.811{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249015Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.810{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249014Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.810{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249013Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.809{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249012Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.809{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B700-000000002302}5048C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+32ce2(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327c9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64) 10341000x8000000000000000249011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.809{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D90-61E8-F109-000000002302}7000C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+327a7(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x8000000000000000249010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:09.680{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1961760F5FD96B5C8A1E25D0126D99F8,SHA256=D10CA62CFE272CCCD3368EF3A1288A97AEAA808BA7E86306F3CC5E577C945D23,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000178234Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:07.050{F0653C0F-C6F7-61E7-5B00-000000002402}4092C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-292.eu-central-1.compute.internal53311-false10.0.1.12-8000- 23542300x8000000000000000178236Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:10.847{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA16360A0C29C4380159AB42B0262E1C,SHA256=52E7AAE92CABEE68BDE997BA9EC73CB93380EC30C6D000FF9F93D1BE0FF61B98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000249124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:10.692{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85DDE455C831FDCD37C9609922BB03DE,SHA256=015624A0F1600E70BE8F7E11FD2EE60D0DF583161404F9AE3390D9BDBB6977F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000249123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:10.103{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0283F30885384AC8F9EF5504AD627E3F,SHA256=99D88673A944539C187C11DB072247624F8A2352E3B6C9729D92B0756873B6F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178237Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:11.863{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E074FB9322B8E60C1D0B0B8F213C5527,SHA256=DDF4212D265FFCF0CF7284BAC5018DACE0DEFAF2CDE0798ADEEA875067259FB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000249125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:11.695{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C880FBB59AF1AEEEF0E966E77AA435F,SHA256=E8A59411571F5014692A99E57F82F791760C8F9B59CFFEDEE834CAB1F0941424,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000249126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:12.710{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA4FCC2E0E36B8A99B5268CF04BE0947,SHA256=EF1A21B5290475F084C6DD4C3FA478BF7CA3920C4E6C92035C5AB33DEA88E660,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178238Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:12.878{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=965BA1319CAEF6001B399FEBC1979614,SHA256=D3F0B67F71831C7EFAACA7823FE54626BB024614DA49759D777AB1CAC97DEB53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000249127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:13.723{ED6274ED-C719-61E7-7400-000000002302}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D9491C2F323DEE197456F69BF3ACC3E,SHA256=0FEECF3E614A01B7376242FF11BEC98EBB3D5DAC6EA821BF325B810B6E5D1780,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178240Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:13.941{F0653C0F-C6EB-61E7-1100-000000002402}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=F83A51FD0784742996EED4371440B557,SHA256=2F8A09D55C65F2FEC52B42D90DAC4C00E8278B9F948761BA79E5D48E56165E14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000178239Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:13.894{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9807E4DB2A3BB98B05D2E41CA68F72FD,SHA256=566DD33F8320636E75A54518FD5C871F66713C01200C5B625A14DB92D597A0D2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000249241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:13.269{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-356.attackrange.local60278-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000249240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.829{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED4-61E8-400A-000000002302}7176C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.829{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ED1-61E8-3F0A-000000002302}6592C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x8000000000000000178242Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-292-2022-01-19 13:17:14.910{F0653C0F-C6FE-61E7-6900-000000002402}3660NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=911AADB5F9485936DC836C0459B7E5CF,SHA256=2CF49CFEA4C71B606DF469F27D342CAF94C31E160D9246AD74C30F483C91895E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000249238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.829{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0ECE-61E8-3C0A-000000002302}728C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.829{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D95-61E8-000A-000000002302}7304C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.829{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D92-61E8-F709-000000002302}7808C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F609-000000002302}6468C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D91-61E8-F309-000000002302}6348C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0A6B-61E8-2209-000000002302}4408C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-091A-61E8-F208-000000002302}2808C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0917-61E8-F008-000000002302}6956C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0913-61E8-EE08-000000002302}1116C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D0AD-61E7-3902-000000002302}5804C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-D09A-61E7-3802-000000002302}6060C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE79-61E7-E401-000000002302}3356C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CE04-61E7-CE01-000000002302}6668C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CDF7-61E7-CC01-000000002302}4536C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CD0D-61E7-A101-000000002302}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CCF8-61E7-9D01-000000002302}5204C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-7001-000000002302}1432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC01-61E7-6D01-000000002302}3488C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CC00-61E7-6C01-000000002302}3768C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.828{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-CBFF-61E7-6A01-000000002302}5432C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.827{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AF00-000000002302}4284C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.827{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83B-61E7-AC00-000000002302}4160C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.827{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C837-61E7-A700-000000002302}3164C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.827{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C780-61E7-8200-000000002302}3256C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.827{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C719-61E7-7400-000000002302}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.827{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C712-61E7-6B00-000000002302}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.827{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4200-000000002302}3520C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.827{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C707-61E7-4100-000000002302}3508C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.827{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C706-61E7-3400-000000002302}3216C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.827{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C705-61E7-3000-000000002302}1576C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.827{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2D00-000000002302}3052C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.826{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2C00-000000002302}3016C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.826{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2B00-000000002302}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.826{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2A00-000000002302}2964C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.826{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2900-000000002302}2948C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.826{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2800-000000002302}2940C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.826{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2700-000000002302}2932C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.826{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2600-000000002302}2800C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.826{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2400-000000002302}2784C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.825{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C704-61E7-2300-000000002302}2708C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.825{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6FC-61E7-2100-000000002302}2544C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.825{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F4-61E7-1F00-000000002302}2116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.825{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1700-000000002302}1336C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.825{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1600-000000002302}1216C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.824{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1500-000000002302}1148C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.824{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1400-000000002302}1140C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.824{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1300-000000002302}704C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.824{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1200-000000002302}420C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.824{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1100-000000002302}8C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.824{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-1000-000000002302}96C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.824{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F3-61E7-0E00-000000002302}996C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.824{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0D00-000000002302}900C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.824{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F2-61E7-0C00-000000002302}844C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.824{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0B00-000000002302}640C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.824{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0A00-000000002302}632C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.824{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0900-000000002302}580C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.823{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6F0-61E7-0700-000000002302}496C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.823{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0200-000000002302}324C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.823{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C6EA-61E7-0100-000000002302}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+311b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3293f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448ca(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+9f691(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.823{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.823{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-0D99-61E8-060A-000000002302}7740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.823{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83E-61E7-B600-000000002302}4920C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3bda2(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c309(wow64)|C:\Windows\System32\USER32.dll+290e5(wow64)|C:\Windows\System32\USER32.dll+273ea(wow64)|C:\Windows\system32\apphelp.dll+6741c(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3c167(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+328b9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+5124(wow64)|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150d8b4|C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe+150ff57|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+44467(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+448a9(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+447d4(wow64) 10341000x8000000000000000249176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-356.attackrange.local-2022-01-19 13:17:14.823{ED6274ED-0D94-61E8-FF09-000000002302}53047368C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\Discord.exe{ED6274ED-C83C-61E7-B500-000000002302}4700C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\discord_utils.node+3a49f(wow64)|\\?\C:\Users\Administrator\AppData\Local\Discord\app-1.0.9003\modules\discord_utils-1\discord_utils\di